6 matches found
CVE-2024-3815
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-39340
The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...
CVE-2024-3815
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Newspaper Theme <= 12.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: Newspaper; Type: Theme; Vulnerable versions: <= 12.6.5; Fixed in: 12.6.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3815; Patch priority: Low; CVSS severity: Low (6.5); PSID: 7fb86a187abf; Credits: István Márton; Required...
Apple Mac OS X Security Update (HT213724)
Apple Mac OS X is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
macOS 12.x < 12.6.5 (HT213724)
The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.5. It is, therefore, affected by a vulnerability: an out-of-bounds write issue was addressed with improved input validation (CVE-2023-28206). Note that Nessus has not tested for this issue but has instead relied...