2183 matches found
CVE-2024-2695
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius', 'services' and...
CVE-2024-2695
CVE-2024-2695 affects Shariff Wrapper for WordPress (versions up to and including 4.6.13). The flaw is Stored XSS via the shariff shortcode due to insufficient input sanitization and output escaping of attributes (e.g., borderradius, timestamp). Exploitation requires authenticated access at contr...
CVE-2024-2695 Shariff Wrapper <= 4.6.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius', 'services' and...
WordPress plugin Shariff Wrapper security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... A security vulnerability...
WordPress Shariff Wrapper plugin <= 4.6.13 - Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Stored Cross-Site Scripting via Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shariff versions <= 4.6.13...
Shariff Wrapper < 4.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius',...
Malicious code in blueprint-org-planning-app-adp-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ce904784ecde9ca4b860730c45d27dbca01912380066fe5415b10d3f17f0af8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library. (CVE-2024-29131, CVE-2024-29133)
Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library when using the NoSQL Hadoop wrapper. Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on...
Malicious code in portfolio-organism-adp-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41eb756462a90039b0df22968214c17f7b6bbf6a4aaf0db84da2266a6e33813d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1584 Malicious code in portfolio-organism-adp-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41eb756462a90039b0df22968214c17f7b6bbf6a4aaf0db84da2266a6e33813d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-37169
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...
CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...
URL to PNG Security Vulnerability
URL to PNG is an application by Jason Raimondi Personal Developer. A security vulnerability exists in URL to PNG prior to version 2.0.3, which originates from the ability to read arbitrary files via a file wrapper via Playwright's screenshot feature...
Joomla core 3.0.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1 - Unauthenticated XSS in Wrapper extensions vulnerability
Unauthenticated XSS in Wrapper extensions vulnerability discovered by ? in WordPress Core Joomla versions 3.0.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1...
[20240704] - Core - XSS in Wrapper extensions
The wrapper extensions do not correctly validate inputs, leading to XSS vectors...
GHSA-665W-MWRR-77Q3 Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Impact All users of url-to-png. Please see https://github.com/jasonraimondi/url-to-png/issues/47 Patches v2.0.3 requires input url to be of protocol http or https Workarounds Requires upgrade. References - https://github.com/jasonraimondi/url-to-png/issues/47 -...
SUSE CVE-2021-47253
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hwinit Why On resume we perform DMUB hwinit which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resume scenarios. How...
traceroute: improper command line parsing
A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines...