Lucene search
K

2020 matches found

SUSE CVE
SUSE CVE
added 2024/10/17 2:48 a.m.3 views

SUSE CVE-2024-47779

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...

7CVSS7.2AI score0.00417EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/17 12:0 a.m.2 views

WordPress plugin Classic Editor and Classic Widgets SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

8.5CVSS7.8AI score0.00407EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.4 views

PT-2024-32524 · Unknown · Classic Widgets +1

Name of the Vulnerable Software and Affected Versions: WPGrim Classic Editor and Classic Widgets versions 1.4.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to...

8.5CVSS8.1AI score0.00407EPSS
Exploits0References5
OSV
OSV
added 2024/10/16 1:15 p.m.6 views

CVE-2024-49271

: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows : Command Injection.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a...

7.2CVSS5.8AI score0.01114EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/10/16 2:50 a.m.3 views

SUSE CVE-2024-47771

Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...

7CVSS7AI score0.00567EPSS
Exploits0References6
NVD
NVD
added 2024/10/15 4:15 p.m.11 views

CVE-2024-47779

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...

7CVSS0.00417EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/15 3:28 p.m.40 views

CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...

7CVSS0.00417EPSS
Exploits0References2
OSV
OSV
added 2024/10/15 3:28 p.m.12 views

CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...

7CVSS6.8AI score0.00417EPSS
Exploits0References4
NVD
NVD
added 2024/10/15 3:15 p.m.22 views

CVE-2024-47771

Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...

7CVSS0.00567EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/15 3:2 p.m.19 views

CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media

Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...

7CVSS7.1AI score0.00567EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/15 3:2 p.m.23 views

CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media

Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...

7CVSS0.00567EPSS
Exploits0References3
CVE
CVE
added 2024/10/15 3:2 p.m.58 views

CVE-2024-47771

CVE-2024-47771 affects Element Desktop. Versions 1.11.70–1.11.80 expose access tokens under crafted conditions, with at least one vector identified (malicious widgets); other vectors may exist. Red Hat/SUSE/OpenSUSE advisories confirm the issue and recommend upgrading to Element Desktop/Web 1.11....

7CVSS6.8AI score0.00567EPSS
Exploits0References3
OSV
OSV
added 2024/10/15 3:2 p.m.10 views

CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media

Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...

7CVSS6.6AI score0.00567EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.3 views

PT-2024-32808 · Element · Element Desktop

Name of the Vulnerable Software and Affected Versions: Element Desktop versions 1.11.70 through 1.11.80 Description: The issue concerns a vulnerability in Element Desktop, a Matrix client for desktop platforms, which can lead to the exposure of access tokens to third parties under specially craft...

7CVSS7.2AI score0.00567EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.3 views

PT-2024-32811 · Element · Element Web

Name of the Vulnerable Software and Affected Versions: Element Web versions 1.11.70 through 1.11.80 Description: The issue is related to the exposure of access tokens to third parties under specially crafted conditions. At least one vector has been identified, involving malicious widgets, but oth...

7CVSS7.1AI score0.00417EPSS
Exploits0References9
FreeBSD
FreeBSD
added 2024/10/15 12:0 a.m.7 views

element-web -- Potential exposure of access token via authenticated media

Element team reports: Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors...

7CVSS7.1AI score0.00417EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/14 1:19 p.m.5 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.121 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.121...

9.1CVSS7.5AI score0.01114EPSS
Exploits0Affected Software1
CVE
CVE
added 2024/10/11 8:30 a.m.43 views

CVE-2024-8913

CVE-2024-8913 affects The Plus Addons for Elementor (WordPress) up to version 5.6.11. The issue arises from the render function in modules/widgets/tp_accordion.php, enabling authenticated attackers with Contributor-level access and above to expose sensitive information (private, pending, and draf...

4.3CVSS4.7AI score0.00368EPSS
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/10 9:58 p.m.5 views

Malicious code in @copilot-web-widgets/ai-writer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 370d6b958dcc6a556f2ee4be3946c6a1a995bb05d4217f408f2302dd397689a2 The OpenSSF Package Analysis project identified '@copilot-web-widgets/ai-writer' @ 1.13.1 npm as malicious. It is considered malicious because: ...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/10 7:10 p.m.6 views

Malicious code in @copilot-web-widgets/common-core-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 148c6b43da3f4ec787aa611cf721a390eab6918627604a9405d817955e2c472b The OpenSSF Package Analysis project identified '@copilot-web-widgets/common-core-sdk' @ 1.11.0 npm as malicious. It is considered malicious...

7.1AI score
Exploits0
Rows per page
Query Builder