9 matches found
PT-2026-51315
Name of the Vulnerable Software and Affected Versions libxml2 versions 2.9.11 through 2.11.0 Description A Use After Free issue exists in the xmlParseInternalSubset function of libxml2. This occurs due to improper entity resolution handling, which allows a remote attacker to cause a...
WordPress Ultimate Member plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Ultimate Member versions = 2.11.0...
EUVD-2019-0416
Malware in sbrugna...
Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to cross-site scripting due to DOMPurify (WS-2024-0017)
Summary The Fusion Web UI uses DOMPurify which is vulnerable to an attacker bypassing sanitizers and executing JavaScript code. WS-2024-0017 Vulnerability Details WSID: WS-2024-0017 DESCRIPTION: Insufficient checks in DOMPurify allows an attacker to bypass sanitizers and execute arbitrary...
PT-2024-18399 · Scrapy +3 · Scrapy +3
Name of the Vulnerable Software and Affected Versions: Scrapy versions 2.6.0 through 2.11.0 Scrapy versions prior to 1.8.4 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the XMLFeedSpider class of the Scrapy project, specifically in the parsing of XML content. B...
FreeRDP: Multiple Vulnerabilities
Background FreeRDP is a free implementation of the remote desktop protocol. Description Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
GHSA-CJ6J-32RG-45R2 Cross-site Scripting in JSPWiki
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking...
Mautic Arbitrary File Download Vulnerability
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic versions 1.0.0 through 2.11.0. An attacker can exploit the vulnerability to download arbitrary files from the...
JVN#37878530: EC-CUBE vulnerable to cross-site request forgery
EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information stored within EC-CUBE may be altered. Solution Update the Software Apply t...