CVE-2024-5419

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7redirectpage' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and outpu...

WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via cf7redirectpage Attribute vulnerability discovered by wesley wcraft in WordPress Plugin Void Contact Form 7 Widget For Elementor Page Builder versions = 2.4...

WordPress plugin Void Contact Form 7 security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer MSI files for virtual private networks VPNs to deliver a command-and-control C&C framework called Winos 4.0. "The campaign also promotes compromised...

SUSE CVE-2024-36013

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2capconnect Extend a critical section to prevent chan from early freeing. Also make the l2capconnect return type void. Nothing is using the returned value but it is ugly to return a...

DEBIAN-CVE-2024-36013

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2capconnect Extend a critical section to prevent chan from early freeing. Also make the l2capconnect return type void. Nothing is using the returned value but it is ugly to return a...

UBUNTU-CVE-2024-36013

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2capconnect Extend a critical section to prevent chan from early freeing. Also make the l2capconnect return type void. Nothing is using the returned value but it is ugly to return a...

Iranian State Hackers Partner Up for Large-Scale Attacks, Report

By Deeba Ahmed Check Point researchers have detailed a new Iranian state-sponsored hacker group called Void Manticore, partnering with Scarred Manticore, another threat group based in Iran's Ministry of Intelligence and Security. This is a post from HackRead.com Read the original post: Iranian...

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

An Iranian threat actor affiliated with the Ministry of Intelligence and Security MOIS has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under t...

WordPress Plugin Void Elementor WHMCS Elements For Elementor Page Builder 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

PT-2024-24714 · Elementor · Void Elementor Whmcs Elements For Elementor Page Builder

Name of the Vulnerable Software and Affected Versions: Void Elementor WHMCS Elements For Elementor Page Builder versions n/a through 2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS...

WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Void Elementor WHMCS Elements For Elementor Page Builder versions = 2.0...

CVE-2023-52214

Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3...

WordPress Plugin Void Contact Form 7 Widget For Elementor Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

SUSE CVE-2024-27934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe const cvoid and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe...

PT-2024-22148 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions 1.36.2 through 1.40.3 Description: The issue arises from the use of inherently unsafe const c void and ExternalPointer which leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. An...

VulnCheck KEV: CVE-2021-25899

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1...

Heap Buffer Overflow

firefox, thunderbird vulnerable to Heap Buffer Overflow. The vulnerability due to running in headless mode by using nsWindow::PickerOpenvoid method.It allows an attacker to execute heap buffer overflow...

Debian DSA-5582-1 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5582 advisory. - The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compa...

CVE-2023-6861

The nsWindow::PickerOpenvoid method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...