π¨ CVE-2023-6557
The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts.
π@cveNotify
The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts.
π@cveNotify
π¨ CVE-2024-27312
Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions.
Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.
π@cveNotify
Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions.
Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.
π@cveNotify
ManageEngine PAM360
Privileged access management (PAM) solution | ManageEngine PAM360
Comprehensive privileged access management solution for uncompromising enterprise IT security. Achieve complete privileged access protection for your IT infrastructure systems, irrespective of where they resideβon-premises or in the cloud. Get your 30-dayβ¦
π¨ CVE-2024-7870
The PixelYourSite β Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.
π@cveNotify
The PixelYourSite β Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.
π@cveNotify
GitHub
pixelyoursite/pixelyoursite/includes/logger/class-pys-logger.php at main Β· WordpressPluginDirectory/pixelyoursite
Contribute to WordpressPluginDirectory/pixelyoursite development by creating an account on GitHub.
π¨ CVE-2024-8325
The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites β Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the βblockspare_render_social_sharing_blockβ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites β Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the βblockspare_render_social_sharing_blockβ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
π¨ CVE-2023-6072
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.
π@cveNotify
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.
π@cveNotify
π¨ CVE-2024-21357
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
π@cveNotify
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
π@cveNotify
π¨ CVE-2024-9301
A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a
π@cveNotify
A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a
π@cveNotify
GitHub
security-bulletins/advisories/nflx-2024-004.md at master Β· Netflix/security-bulletins
Security Bulletins that relate to Netflix Open Source - Netflix/security-bulletins
π¨ CVE-2024-47186
Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue.
π@cveNotify
Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue.
π@cveNotify
GitHub
Merge commit from fork Β· filamentphp/filament@df79893
escape string state
π¨ CVE-2024-21455
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
π@cveNotify
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
π@cveNotify
π¨ CVE-2024-23369
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
π@cveNotify
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
π@cveNotify
π¨ CVE-2024-23370
Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.
π@cveNotify
Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.
π@cveNotify
π¨ CVE-2024-23374
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.
π@cveNotify
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.
π@cveNotify
π¨ CVE-2024-23376
Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.
π@cveNotify
Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.
π@cveNotify
π¨ CVE-2024-23378
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.
π@cveNotify
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.
π@cveNotify
π¨ CVE-2020-15415
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.
π@cveNotify
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.
π@cveNotify
GitHub
GitHub - CLP-team/Vigor-Commond-Injection
Contribute to CLP-team/Vigor-Commond-Injection development by creating an account on GitHub.
π¨ CVE-2024-21403
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
π@cveNotify
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
π@cveNotify
π¨ CVE-2024-21420
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
π@cveNotify
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
π@cveNotify
π¨ CVE-2024-46453
A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
π@cveNotify
A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
π@cveNotify
GitHub
GitHub - nosmo-gla/iq3xcite-XSS-2.31-3.05
Contribute to nosmo-gla/iq3xcite-XSS-2.31-3.05 development by creating an account on GitHub.
π¨ CVE-2017-10271
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
π@cveNotify
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
π@cveNotify
π¨ CVE-2019-0344
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
π@cveNotify
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
π@cveNotify