Attacker Value
Unknown
CVE-2024-6617
Disclosure Date: September 13, 2024 (last updated September 28, 2024)
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Attacker Value
Unknown
CVE-2024-6493
Disclosure Date: September 13, 2024 (last updated September 28, 2024)
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Attacker Value
Unknown
CVE-2024-46695
Disclosure Date: September 13, 2024 (last updated September 20, 2024)
In the Linux kernel, the following vulnerability has been resolved:

selinux,smack: don't bypass permissions check in inode_setsecctx hook

Marek Gresko reports that the root user on an NFS client is able to
change the security labels on files on an NFS filesystem that is
exported with root squashing enabled.

The end of the kerneldoc comment for __vfs_setxattr_noperm() states:

 * This function requires the caller to lock the inode's i_mutex before it
 * is executed. It also assumes that the caller will make the appropriate
 * permission checks.

nfsd_setattr() does do permissions checking via fh_verify() and
nfsd_permission(), but those don't do all the same permissions checks
that are done by security_inode_setxattr() and its related LSM hooks do.

Since nfsd_setattr() is the only consumer of security_inode_setsecctx(),
simplest solution appears to be to replace the call to
__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked(). This
fixes the above issue and has the ad…
Attacker Value
Unknown
CVE-2020-24061
Disclosure Date: September 12, 2024 (last updated September 14, 2024)
Cross-Site Scripting (XSS) vulnerability in the Firewall menu of the Control Panel in KASDA KW5515 version 4.3.1.0 allows attackers to execute arbitrary code and steal cookies via a crafted script.
Attacker Value
Unknown
CVE-2024-8631
Disclosure Date: September 12, 2024 (last updated September 15, 2024)
A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles.
Attacker Value
Unknown
CVE-2024-6702
Disclosure Date: September 12, 2024 (last updated September 14, 2024)
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
Attacker Value
Unknown
CVE-2024-6701
Disclosure Date: September 12, 2024 (last updated September 14, 2024)
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
Attacker Value
Unknown
CVE-2024-6700
Disclosure Date: September 12, 2024 (last updated September 14, 2024)
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
Attacker Value
Unknown
CVE-2024-7766
Disclosure Date: September 12, 2024 (last updated September 27, 2024)
The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
Attacker Value
Unknown
CVE-2024-6887
Disclosure Date: September 12, 2024 (last updated September 27, 2024)
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).