π¨ CVE-2024-50573
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
π@cveNotify
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π¨ CVE-2024-50574
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
π@cveNotify
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π¨ CVE-2024-50575
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
π@cveNotify
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π¨ CVE-2024-50576
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
π@cveNotify
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π¨ CVE-2024-50577
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
π@cveNotify
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π¨ CVE-2024-4902
The Tutor LMS β eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the βcourse_idβ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
π@cveNotify
The Tutor LMS β eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the βcourse_idβ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
π@cveNotify
π¨ CVE-2024-5612
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βeael_lightbox_open_btn_iconβ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βeael_lightbox_open_btn_iconβ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
Essential Addons for Elementor
Changelog | Essential Addons for Elementor
Feb 22, 2026
π¨ CVE-2023-6491
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
π@cveNotify
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
π@cveNotify
π¨ CVE-2024-3288
The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
π@cveNotify
The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
π@cveNotify
WPScan
Logo Slider < 4.0.0 - Contributor+ Stored XSS
See details on Logo Slider < 4.0.0 - Contributor+ Stored XSS CVE 2024-3288. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-42508
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.
π@cveNotify
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.
π@cveNotify
π¨ CVE-2024-49978
In the Linux kernel, the following vulnerability has been resolved:
gso: fix udp gso fraglist segmentation after pull from frag_list
Detect gso fraglist skbs with corrupted geometry (see below) and
pass these to skb_segment instead of skb_segment_list, as the first
can segment them correctly.
Valid SKB_GSO_FRAGLIST skbs
- consist of two or more segments
- the head_skb holds the protocol headers plus first gso_size
- one or more frag_list skbs hold exactly one segment
- all but the last must be gso_size
Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can
modify these skbs, breaking these invariants.
In extreme cases they pull all data into skb linear. For UDP, this
causes a NULL ptr deref in __udpv4_gso_segment_list_csum at
udp_hdr(seg->next)->dest.
Detect invalid geometry due to pull, by checking head_skb size.
Don't just drop, as this may blackhole a destination. Convert to be
able to pass to regular skb_segment.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
gso: fix udp gso fraglist segmentation after pull from frag_list
Detect gso fraglist skbs with corrupted geometry (see below) and
pass these to skb_segment instead of skb_segment_list, as the first
can segment them correctly.
Valid SKB_GSO_FRAGLIST skbs
- consist of two or more segments
- the head_skb holds the protocol headers plus first gso_size
- one or more frag_list skbs hold exactly one segment
- all but the last must be gso_size
Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can
modify these skbs, breaking these invariants.
In extreme cases they pull all data into skb linear. For UDP, this
causes a NULL ptr deref in __udpv4_gso_segment_list_csum at
udp_hdr(seg->next)->dest.
Detect invalid geometry due to pull, by checking head_skb size.
Don't just drop, as this may blackhole a destination. Convert to be
able to pass to regular skb_segment.
π@cveNotify
π¨ CVE-2023-3329
SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.
π@cveNotify
SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.
π@cveNotify
π¨ CVE-2023-35677
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2023-35680
In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2024-3652
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
π@cveNotify
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
π@cveNotify
π¨ CVE-2022-48669
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Fix potential memleak in papr_get_attr()
`buf` is allocated in papr_get_attr(), and krealloc() of `buf`
could fail. We need to free the original `buf` in the case of failure.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Fix potential memleak in papr_get_attr()
`buf` is allocated in papr_get_attr(), and krealloc() of `buf`
could fail. We need to free the original `buf` in the case of failure.
π@cveNotify
π¨ CVE-2024-25676
An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading.
π@cveNotify
An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading.
π@cveNotify
π¨ CVE-2024-24192
robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c.
π@cveNotify
robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c.
π@cveNotify
GitHub
heap buffer overflow Β· Issue #8 Β· robertdavidgraham/robdns
in line robdns/src/zonefile-insertion.c Line 161 in d76d2e6 memcpy(block->filename, parser->src.filename, sizeof(block->filename)); in some case the size of block->filename will surpass...
π¨ CVE-2024-24195
robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.
π@cveNotify
robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.
π@cveNotify
GitHub
load of misaligned address Β· Issue #9 Β· robertdavidgraham/robdns
in line robdns/src/zonefile-insertion.c Line 35 in d76d2e6 line_number = *(unsigned*)(&buf[i]); unsigned int need a 4-byte aligned to be loaded, but the address of unsigned char is not 4-byte a...
π¨ CVE-2024-10276
A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2024-37845
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.
π@cveNotify
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.
π@cveNotify
GitHub
Disclosures/CVE-2024-37845 RCE.pdf at main Β· herombey/Disclosures
Vulnerability Disclosures. Contribute to herombey/Disclosures development by creating an account on GitHub.