2134 matches found

Patchstack
added 2024/09/10 1:25 a.m. · 2 views

WordPress Master Addons plugin <= 2.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions <= 2.0.6.4...

5.4 CVSS · 5.8 AI score · 0.0036 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/09/10 12:0 a.m. · 2 views

WordPress plugin Master Addons cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4 CVSS · 5.8 AI score · 0.0036 EPSS
Exploits 0 · References 4
CNNVD
added 2024/09/10 12:0 a.m. · 2 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by an obfuscated agent in handleCreateConferenceComplete of ConnectionServiceWrapper.java. An attacker can exploit this vulnerability to obtain...

5.5 CVSS · 6 AI score · 0.00055 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/09/10 12:0 a.m. · 2 views

PT-2024-37510 · WordPress · The Master Addons

Name of the Vulnerable Software and Affected Versions: The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress versions up to, and including 2.0.6.4 Description: The issue is related to Stored Cross-Site Scripting via the...

5.4 CVSS · 5.9 AI score · 0.0036 EPSS
Exploits 0 · References 10
Positive Technologies
added 2024/09/10 12:0 a.m. · 3 views

PT-2024-28970 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the handleCreateConferenceComplete function in ConnectionServiceWrapper.java, where a confused deputy could lead to revealing...

5.5 CVSS · 6.3 AI score · 0.00055 EPSS
Exploits 0 · References 6
CVE
added 2024/09/04 7:0 p.m. · 81 views

CVE-2024-44973

This CVE (CVE-2024-44973) concerns the Linux kernel SLUB allocator. The root cause is that freeing of kfence objects was moved out of do_slab_free but missed a spot in __kmem_cache_free_bulk, leading to a crash chain involving skbuff_head_cache and slab_err (mm/slub.c). The impact described is a ...

5.5 CVSS · 6.7 AI score · 0.00031 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/09/03 9:11 p.m. · 0 views

GHSA-P2Q9-36VW-C468 olm-sys: wrapped library unmaintained, potentially vulnerable

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...

5.9 AI score
Exploits 0 · References 4
Positive Technologies
added 2024/09/03 12:0 a.m. · 2 views

PT-2024-40386 · Olm-Rs +3 · Olm-Rs +3

Name of the Vulnerable Software and Affected Versions: olm-sys affected versions not specified olm-rs affected versions not specified Description: The Matrix Foundation has officially deprecated the libolm library due to several publicly disclosed cryptographic vulnerabilities. As a result,...

7 AI score
Exploits 0 · References 5
RustSec
added 2024/09/02 12:0 p.m. · 4 views

olm-sys: wrapped library unmaintained, potentially vulnerable

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...

5.3 CVSS · 7.2 AI score · 0.00264 EPSS
Exploits 3
OSV
added 2024/08/30 4:15 a.m. · 3 views

CVE-2024-5061

The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapperclass’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

5.4 CVSS · 5.9 AI score · 0.0031 EPSS
Exploits 0 · References 2
NVD
added 2024/08/29 11:15 a.m. · 5 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2 CVSS · 0.00641 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2024/08/29 11:15 a.m. · 1 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2 CVSS · 6 AI score · 0.00641 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/08/29 12:0 a.m. · 3 views

PT-2024-34355 · WordPress · Enfold

Name of the Vulnerable Software and Affected Versions: Enfold - Responsive Multi-Purpose Theme versions up to, and including, 6.0.3 Description: The Enfold theme for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper class and class parameters due to insufficient input...

6.4 CVSS · 6 AI score · 0.0031 EPSS
Exploits 0 · References 9
Positive Technologies
added 2024/08/07 12:0 a.m. · 5 views

PT-2024-9765 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: A flaw was found in the cURL wrapper in Moodle, which strips HTTPAUTH and USERPWD headers during emulated redirects but retains other original request headers. This could lead to HTTP...

8.8 CVSS · 5.7 AI score · 0.88917 EPSS
Exploits 8 · References 80
OpenVAS
added 2024/08/06 12:0 a.m. · 17 views

Fedora: Security Advisory (FEDORA-2024-c678f46845)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.2 CVSS · 6.6 AI score · 0.00016 EPSS
Exploits 0 · References 3
OSV
added 2024/08/05 7:49 p.m. · 2 views

GHSA-V784-FJJH-F8R4 Nuxt vulnerable to remote code execution via the browser when running the test locally

Summary Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Details While running the test, a special component named NuxtTestComponentWrapper is...

9.2 CVSS · 7.9 AI score · 0.01315 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/08/05 12:0 a.m. · 6 views

PT-2024-25801

Name of the Vulnerable Software and Affected Versions: Nuxt affected versions not specified Description: The issue arises from insufficient validation of the path parameter in the NuxtTestComponentWrapper, allowing an attacker to execute arbitrary JavaScript on the server side. This enables the...

9.2 CVSS · 8 AI score · 0.01315 EPSS
Exploits 1 · References 10
OSV
added 2024/08/01 1:15 p.m. · 2 views

CVE-2024-2455

The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and including, 7.9.0 due to insufficient input sanitization and output escaping on user supplied attributes...

5.4 CVSS · 6 AI score · 0.00176 EPSS
Exploits 0 · References 3
Patchstack
added 2024/08/01 12:54 a.m. · 2 views

WordPress Element Pack Pro plugin <= 7.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wrapper Link URL vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Wrapper Link URL vulnerability discovered by Francesco Carlucci in WordPress Plugin Element Pack Pro versions <= 7.9.0...

6.4 CVSS · 5.8 AI score · 0.00176 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/07/26 11:8 a.m. · 2 views

OESA-2024-1889 python-zipp security update

A pathlib-compatible Zipfile object wrapper. A backport of the Path object. Security Fixes: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an...

6.2 CVSS · 7 AI score · 0.00016 EPSS
Exploits 0 · References 2