CVE-2024-47378
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS. This issue affects WPCOM Member: from n/a through 1.5.4.
@cveNotify
CVE-2022-28802
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)
CVE-2022-28979
Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.
Liferay
The Most Flexible DXP | AI, CMS, DAM, Low Code, Commerce
Digital Experience Platform designed for complexity. Integrates with everything: CMS, DAM, Commerce, AI, Low Code, Search, and more!
CVE-2022-32807
This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files.
Apple Support
About the security content of Security Update 2022-005 Catalina
This document describes the security content of Security Update 2022-005 Catalina.
CVE-2022-32832
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.
Apple Support
About the security content of watchOS 8.7
This document describes the security content of watchOS 8.7.
CVE-2022-32843
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory.
Apple Support
About the security content of Security Update 2022-005 Catalina
This document describes the security content of Security Update 2022-005 Catalina.
CVE-2022-28721
Certain HP Print Products are potentially vulnerable to Remote Code Execution.
CVE-2024-6843
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins
WPScan
SmartSearch WP <= 2.4.4 - Unauthenticated Stored XSS
See details on SmartSearch WP <= 2.4.4 - Unauthenticated Stored XSS CVE 2024-6843. View the latest Plugin Vulnerabilities on WPScan.
CVE-2024-6847
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot.
WPScan
SmartSearch WP <= 2.4.4 - Unauthenticated SQLi
See details on SmartSearch WP <= 2.4.4 - Unauthenticated SQLi CVE 2024-6847. View the latest Plugin Vulnerabilities on WPScan.
CVE-2024-48655
An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.
GitHub
Server Side JavaScript Code Injection Vulnerability was detected for func.js · Issue #49 · totaljs/cms
Description We have identified a Server-Side JavaScript Code Injection vulnerability in total.js Content Management System, specifically in func.js file. Server-side code injection vulnerabilities ...
CVE-2024-48191
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17
GitHub
cms/5/readme.md at main · xiaoyin0226/cms
Contribute to xiaoyin0226/cms development by creating an account on GitHub.
CVE-2024-48291
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17
GitHub
cms/4/readme.md at main · Gxxxxxxxxxxxxxxxxxx/cms
Contribute to Gxxxxxxxxxxxxxxxxxx/cms development by creating an account on GitHub.
CVE-2024-42835
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
GitHub
Code Execution vulnerability with tool PythonCodeTool · Issue #2908 · langflow-ai/langflow
Bug Description When compose an LLM app with langflow, PythonCodeTool is available to developers to implement a tool with StructuredTool in langchain. However, there is a lack of validation for the...
CVE-2021-21353
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade.
GitHub
fix: sanitise and escape the `pretty` option (#3314) · pugjs/pug@991e78f
Pug – robust, elegant, feature rich template engine for Node.js - fix: sanitise and escape the `pretty` option (#3314) · pugjs/pug@991e78f
CVE-2022-31022
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave the way for exploitation of a node's filesystem where the bleve index resides, if the user has used bleve's own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit handling for the Role Based Access Controls (RBAC) of the index assets would be impacted by this issue. Version 2.5.0 relocated the `http/` dir used _only_ by bleve-explorer to `blevesearch/bleve-explorer`, thereby addressing the issue. However, the http package is purely intended to be used for demonstration purposes. Bleve was never designed to handle the RBACs, nor was it ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases.
GitHub
Link security advisory to README (#1694) · blevesearch/bleve@1c7509d
A modern text/numeric/geo-spatial/vector indexing library for go - Link security advisory to README (#1694) · blevesearch/bleve@1c7509d
CVE-2021-43310
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.
GitHub
Keylime: malicious reset or replay of U and V encryption
### Impact
This vulnerability allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. These new keys will break attestati...
CVE-2022-23949
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
GitHub
Validate user ID in all public interfaces · keylime/keylime@387e320
The user ID is read from the config file, or from some public REST API.
We should validate that is composed with valid set of chars.
Signed-off-by: Alberto Planas <aplanas@suse.com>
CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.
GitHub
revocation_notifier: move zmq socket to /var/run/keylime · keylime/keylime@ea5d037
Currently we are placing the zmq IPC socket in /tmp, that can be
accessed by all the users.
This patch moves the socket into /var/run/keylime, making sure that the
directory is created and present...
CVE-2022-23951
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
GitHub
tpm: do not compress quote with zlib by default · keylime/keylime@6e44758
Python's zlib decompression has no mitigations against zip bombs or similar
attacks, so we remove the compression for the quote data.
The data itself is rather small compared to the IMA or UEFI eve...
CVE-2025-30440
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass ASLR.
Apple Support
About the security content of macOS Sequoia 15.5 - Apple Support
This document describes the security content of macOS Sequoia 15.5.
CVE-2025-31213
A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.
Apple Support
About the security content of iPadOS 17.7.7 - Apple Support
This document describes the security content of iPadOS 17.7.7.