2183 matches found
MAL-2024-12261 Malicious code in easypydb (PyPI)
Source: kam193 (6bba8fa7c973e17898962b7fa6aebecdd0d9149b9e3a1f078bbc57f5e4bf7f0a). The package is a wrapper around the "s1db" package, which offers some kind of easy online database. However, this package silently exfiltrates credentials given by...
CVE-2022-2446
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...
CVE-2022-2446
CVE-2022-2446 affects the WP Editor WordPress plugin. The vulnerability is a PHAR deserialization issue via the current_theme_root parameter in versions up to and including 1.2.9. An authenticated attacker with administrative privileges who can upload a serialized payload can trigger deserializat...
WordPress plugin WP Editor code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
PT-2024-11530 · WordPress · Wp Editor
Name of the Vulnerable Software and Affected Versions: WP Editor plugin for WordPress versions up to, and including 1.2.9. Description: The issue allows deserialization of untrusted input via the current theme root parameter. This enables authenticated attackers with administrative privileges to...
CVE-2024-40656
In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-6282
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input sanitization and output...
WordPress Master Addons plugin <= 2.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions <= 2.0.6.4...
WordPress plugin Master Addons cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a confused deputy in handleCreateConferenceComplete of ConnectionServiceWrapper.java. An attacker can exploit this vulnerability to obtain...
PT-2024-28970 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the handleCreateConferenceComplete function in ConnectionServiceWrapper.java, where a confused deputy could lead to revealing...
PT-2024-37510 · WordPress · The Master Addons
Name of the Vulnerable Software and Affected Versions: The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress versions up to, and including 2.0.6.4. Description: The issue is related to Stored Cross-Site Scripting via the...
CVE-2024-44973
This CVE (CVE-2024-44973) concerns the Linux kernel SLUB allocator. The root cause is that freeing of kfence objects was moved out of do_slab_free but missed a spot in __kmem_cache_free_bulk, leading to a crash chain involving skbuff_head_cache and slab_err (mm/slub.c). The impact described is a ...
GHSA-P2Q9-36VW-C468 olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
PT-2024-40386 · Olm-Rs +3 · Olm-Rs +3
Name of the Vulnerable Software and Affected Versions: olm-sys (affected versions not specified); olm-rs (affected versions not specified). Description: The Matrix Foundation has officially deprecated the libolm library due to several publicly disclosed cryptographic vulnerabilities. As a result,...
CVE-2024-5061
The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapperclass’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2022-2440
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...