| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
vulnerability exists when an authenticated attacker modifies folder names within the context of
the product. |
| A vulnerability classified as problematic has been found in TMsoft MyAuth Gateway 3. Affected is an unknown function of the file /index.php. The manipulation of the argument console/nocache/cmd leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7996: fix null pointer deref in mt7996_conf_tx()
If a link does not have an assigned channel yet, mt7996_vif_link returns
NULL. We still need to store the updated queue settings in that case, and
apply them later.
Move the location of the queue params to within struct mt7996_vif_link. |
| A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. |
| The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. |
| The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation |
| A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections. |
| The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
| The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
| When system.enableCrossNamespaceCommands is enabled (on by default), the Temporal server permits certain workflow task commands (e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution) to target a different namespace than the namespace authorized at the gRPC boundary. The frontend authorizes RespondWorkflowTaskCompleted based on the outer request namespace, but the history service later resolves and executes the command using the namespace embedded in command attributes without authorizing the caller for that target namespace. This can allow a worker authorized for one namespace to create, signal, or cancel workflows in another namespace.
This issue affects Temporal: through 1.29.1. Fixed in 1.27.4, 1.28.2, 1.29.2. |
| This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems. |
| An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories. |
| This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path. |
| Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the fetchWithRetry method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27877. |
| An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to. |
| A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component. |
| Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27769. |
| The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Fix UAF race between device unplug and FW event processing
The function panthor_fw_unplug() will free the FW memory sections.
The problem is that there could still be pending FW events which are yet
not handled at this point. process_fw_events_work() can in this case try
to access said freed memory.
Simply call disable_work_sync() to both drain and prevent future
invocation of process_fw_events_work(). |
