87 matches found
EUVD-2021-21734
Malware in sbrugna...
EUVD-2022-0311
Malicious code in bioql PyPI...
EUVD-2022-6435
Malicious code in bioql PyPI...
The vulnerability of the _GLOBAL_TOC function in the arch/powerpc/kvm/book3s_hv_rmhandlers.S module of the virtualization subsystem on the PowerPC platform in the Linux operating system allows a attacker to execute arbitrary code with elevated privileges or cause a service failure.
The vulnerability of the GLOBALTOC function in the arch/powerpc/kvm/book3shvrmhandlers.S module of the virtualization subsystem on the PowerPC platform in the Linux operating system is related to a buffer overflow based on a stack. Exploiting this vulnerability could allow an attacker to execute...
CVE-2023-0490
The fx TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2020-3684
u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
Malicious code in toc-generator-markdown (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78aba0f665dc55e94b5a5dc3b90ce2d371080c1acda0c4565429afcfb9ba4fe6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-35090
Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...
WordPress CM Table Of Contents – WordPress TOC Plugin Plugin < 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software CM Table Of Contents – WordPress TOC Plugin Type Plugin Vulnerable versions 1.2.3 Fixed in 1.2.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5030 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bf478e63ad63...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation of the vector-toc-toggle-button-label parameter. Remediation A fix was pushed into the master branch but not yet published. References - Gerrit Wikimedia - GitHub Commit - Wikimedia Phabricator...
WordPress plugin Essential Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2023-29530 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.39.5 MediaWiki versions 1.40.x prior to 1.40.1 Description: An issue was discovered in the Vector Skin component for MediaWiki. The vector-toc-toggle-button-label is not escaped, but should be, because the line...
DEBIAN-CVE-2021-34121
An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parsetree in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...
CVE-2023-0490
The fx TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The fx TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0490 f(x) TOC <= 1.1.0 - Contributor+ Stored XSS
The fx TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0490
CVE-2023-0490 concerns the f(x) TOC WordPress plugin (
WordPress plugin f(x) TOC 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress f(x) TOC Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software fx TOC Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0490 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8736d6d89b3b Credits István Márton Required...
Malicious Package
Overview postcss-toc is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...