🚨 CVE-2024-43920
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS. This issue affects Gutenverse: from n/a through 1.9.4.
🎖@cveNotify
Patchstack
WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability…
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
🚨 CVE-2024-38858
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
🎖@cveNotify
Checkmk
Werk #17232: Synthetic Monitoring: Fix XSS vector in HTML logs displayed in UI
The user interface offers the option to display the HTML logs of monitored synthetic tests. These
logs are generated on the host where the test is executed and are theref
🚨 CVE-2024-7932
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session.
🎖@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
🚨 CVE-2024-7938
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session.
🎖@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
🚨 CVE-2024-7939
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session.
🎖@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
🚨 CVE-2024-8004
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session.
🎖@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
🚨 CVE-2024-8380
A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical. This issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulation of the argument contact leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
CVE/SourceCodester_Contact_Manager_delete_contact_sqli.md at main · jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
🚨 CVE-2024-37136
Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.
🎖@cveNotify
🚨 CVE-2024-44920
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.
🎖@cveNotify
GitHub
nn0nkey/CVE-2024-44920.md at main · nn0nkey/nn0nkey
lll. Contribute to nn0nkey/nn0nkey development by creating an account on GitHub.
🚨 CVE-2024-44921
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.
🎖@cveNotify
GitHub
nn0nkey/CVE-2024-44921.md at main · nn0nkey/nn0nkey
lll. Contribute to nn0nkey/nn0nkey development by creating an account on GitHub.
🚨 CVE-2024-6232
There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
🎖@cveNotify
GitHub
[3.12] gh-121285: Remove backtracking when parsing tarfile headers (G… · python/cpython@4eaf489
…H-121286) (GH-123543)
gh-121285: Remove backtracking when parsing tarfile headers (GH-121286)
* Remove backtracking when parsing tarfile headers
* Rewrite PAX header parsing to be stricter
*...
🚨 CVE-2023-46763
Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.
🎖@cveNotify
🚨 CVE-2023-46764
Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.
🎖@cveNotify
🚨 CVE-2023-46756
Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.
🎖@cveNotify
🚨 CVE-2023-46757
The remote PIN module has a vulnerability that causes incorrect information storage locations. Successful exploitation of this vulnerability may affect confidentiality.
🎖@cveNotify
🚨 CVE-2023-46758
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.
🎖@cveNotify
🚨 CVE-2023-46759
Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.
🎖@cveNotify
🚨 CVE-2023-46363
jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.
🎖@cveNotify
GitHub
GitHub - agl/jbig2enc: JBIG2 Encoder
JBIG2 Encoder. Contribute to agl/jbig2enc development by creating an account on GitHub.
🚨 CVE-2024-43965
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection. This issue affects SendGrid for WordPress: from n/a through 1.4.
🎖@cveNotify
Patchstack
WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
🚨 CVE-2024-41346
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php
🎖@cveNotify
GitHub
XSS vulnerability_3 · Issue #1479 · jpatokal/openflights
Hello, I would like to report for a XSS vulnerability in openflights. The path of the vulnerability. In file https://github.com/jpatokal/openflights/blob/master/php/submit.php $uid = $_SESSION["...
🚨 CVE-2024-41347
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php
🎖@cveNotify
GitHub
XSS vulnerability_1 · Issue #1477 · jpatokal/openflights
Hello, I would like to report for a xss vulnerability in openflights. The path of the vulnerability. In file https://github.com/jpatokal/openflights/blob/master/php/settings.php $type = $_POST["...