2020 matches found
SUSE CVE-2024-47779
Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...
WordPress plugin Classic Editor and Classic Widgets SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2024-32524 · Unknown · Classic Widgets +1
Name of the Vulnerable Software and Affected Versions: WPGrim Classic Editor and Classic Widgets versions 1.4.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to...
CVE-2024-49271
: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows : Command Injection.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a...
SUSE CVE-2024-47771
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...
CVE-2024-47779
Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...
CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media
Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...
CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media
Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...
CVE-2024-47771
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...
CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...
CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...
CVE-2024-47771
CVE-2024-47771 affects Element Desktop. Versions 1.11.70–1.11.80 expose access tokens under crafted conditions, with at least one vector identified (malicious widgets); other vectors may exist. Red Hat/SUSE/OpenSUSE advisories confirm the issue and recommend upgrading to Element Desktop/Web 1.11....
CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...
PT-2024-32808 · Element · Element Desktop
Name of the Vulnerable Software and Affected Versions: Element Desktop versions 1.11.70 through 1.11.80 Description: The issue concerns a vulnerability in Element Desktop, a Matrix client for desktop platforms, which can lead to the exposure of access tokens to third parties under specially craft...
PT-2024-32811 · Element · Element Web
Name of the Vulnerable Software and Affected Versions: Element Web versions 1.11.70 through 1.11.80 Description: The issue is related to the exposure of access tokens to third parties under specially crafted conditions. At least one vector has been identified, involving malicious widgets, but oth...
element-web -- Potential exposure of access token via authenticated media
Element team reports: Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.121 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.121...
CVE-2024-8913
CVE-2024-8913 affects The Plus Addons for Elementor (WordPress) up to version 5.6.11. The issue arises from the render function in modules/widgets/tp_accordion.php, enabling authenticated attackers with Contributor-level access and above to expose sensitive information (private, pending, and draf...
Malicious code in @copilot-web-widgets/ai-writer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 370d6b958dcc6a556f2ee4be3946c6a1a995bb05d4217f408f2302dd397689a2 The OpenSSF Package Analysis project identified '@copilot-web-widgets/ai-writer' @ 1.13.1 npm as malicious. It is considered malicious because: ...
Malicious code in @copilot-web-widgets/common-core-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 148c6b43da3f4ec787aa611cf721a390eab6918627604a9405d817955e2c472b The OpenSSF Package Analysis project identified '@copilot-web-widgets/common-core-sdk' @ 1.11.0 npm as malicious. It is considered malicious...