CVE Database

Search and browse vulnerability records from NVD

Showing 50 of 93927 CVEs

CVE ID Severity Description EPSS Published
6.4 MEDIUM

The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Post Overlay block in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

0.1% 2024-04-25
4.3 MEDIUM

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements.

0.1% 2024-04-25
5.9 MEDIUM

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

0.5% 2024-04-25
7.5 HIGH

An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.

2.7% 2024-04-25
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df ("binder: add function to copy binder object from buffer"), likely removed due to redundancy at the time.

0.2% 2024-04-25
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called.

0.0% 2024-04-25
5.9 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout 100 ms del_elem("0000000X") <---------------- delete one that was just added ... add_elem("00005000") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano)

0.2% 2024-04-25
4.7 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutive passes of scan_children() may see a different set of children. Leading to an incorrectly elevated inflight count, and then a dangling pointer within the gc_inflight_list. sockets are AF_UNIX/SOCK_STREAM S is an unconnected socket L is a listening in-flight socket bound to addr, not in fdtable V's fd will be passed via sendmsg(), gets inflight count bumped connect(S, addr) sendmsg(S, [V]); close(V) __unix_gc() ---------------- ------------------------- ----------- NS = unix_create1() skb1 = sock_wmalloc(NS) L = unix_find_other(addr) unix_state_lock(L) unix_peer(S) = NS // V count=1 inflight=0 NS = unix_peer(S) skb2 = sock_alloc() skb_queue_tail(NS, skb2[V]) // V became in-flight // V count=2 inflight=1 close(V) // V count=1 inflight=1 // GC candidate condition met for u in gc_inflight_list: if (total_refs == inflight_refs) add u to gc_candidates // gc_candidates={L, V} for u in gc_candidates: scan_children(u, dec_inflight) // embryo (skb1) was not // reachable from L yet, so V's // inflight remains unchanged __skb_queue_tail(L, skb1) unix_state_unlock(L) for u in gc_candidates: if (u.inflight) scan_children(u, inc_inflight_move_tail) // V count=1 inflight=2 (!) If there is a GC-candidate listening socket, lock/unlock its state. This makes GC wait until the end of any ongoing connect() to that socket. After flipping the lock, a possibly SCM-laden embryo is already enqueued. And if there is another embryo coming, it can not possibly carry SCM_RIGHTS. At this point, unix_inflight() can not happen because unix_gc_lock is already taken. Inflight graph remains unaffected.

0.0% 2024-04-25
4.9 MEDIUM

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.

0.2% 2024-04-24
6.0 MEDIUM

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root.

0.0% 2024-04-24
8.7 HIGH

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.

43.4% 2024-04-24
8.8 HIGH

A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

0.5% 2024-04-24
8.5 HIGH

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in Arbitrary Code Execution. This is because backups are serialized/deserialized using Java's Object Serialization Stream Protocol, which can allow constructing any class in the app, unless properly restricted. To exploit this vulnerability, an attacker would need to build a backup file containing the exploit, and then persuade a user into importing it. During the import process, the malicious code would be executed, possibly crashing the app, stealing user data from the NewPipe app, performing nasty actions through Android APIs, and attempting Android JVM/Sandbox escapes through vulnerabilities in the Android OS. The attack can take place only if the user imports a malicious backup file, so an attacker would need to trick a user into importing a backup file from a source they can control. The implementation details of the malicious backup file can be independent of the attacked user or the device they are being run on, and do not require additional privileges. All NewPipe versions from 0.13.4 to 0.26.1 are vulnerable. NewPipe version 0.27.0 fixes the issue by doing the following: Restrict the classes that can be deserialized when calling Java's Object Serialization Stream Protocol, by adding a whitelist with only innocuous data-only classes that can't lead to Arbitrary Code Execution; deprecate backups serialized with Java's Object Serialization Stream Protocol; use JSON serialization for all newly created backups (but still include an alternative file serialized with Java's Object Serialization Stream Protocol in the backup zip for backwards compatibility); show a warning to the user when attempting to import a backup where the only available serialization mode is Java's Object Serialization Stream Protocol (note that in the future this serialization mode will be removed completely).

0.0% 2024-04-24
6.0 MEDIUM

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

0.2% 2024-04-24
8.6 HIGH

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.

24.4% 2024-04-24
6.5 MEDIUM

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.

0.1% 2024-04-24
7.1 HIGH

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3. An app may be able to corrupt coprocessor memory.

0.0% 2024-04-24
6.5 MEDIUM

A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.

0.1% 2024-04-24
3.3 LOW

This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked.

0.2% 2024-04-24
9.8 CRITICAL

Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60.

0.4% 2024-04-24
9.8 CRITICAL

Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7.

0.1% 2024-04-24
8.2 HIGH

Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7.

0.1% 2024-04-24
5.3 MEDIUM

Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5.

0.1% 2024-04-24
6.5 MEDIUM

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0.

0.1% 2024-04-24
6.5 MEDIUM

Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through 2.0.0.

0.1% 2024-04-24
4.3 MEDIUM

Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.This issue affects Ovic Addon Toolkit: from n/a through 2.6.1.

0.1% 2024-04-24
4.1 MEDIUM

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212.

0.1% 2024-04-24
9.8 CRITICAL

Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.

0.1% 2024-04-24
5.3 MEDIUM

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4.

0.1% 2024-04-24
5.4 MEDIUM

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.

0.0% 2024-04-24
5.3 MEDIUM

Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6.

0.1% 2024-04-24
5.3 MEDIUM

Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4.

0.1% 2024-04-24
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).This issue affects Slash Admin: from n/a through 3.8.1.

0.1% 2024-04-24
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through 3.1.3.

0.1% 2024-04-24
5.5 MEDIUM

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue.

0.1% 2024-04-24
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline Analyzer.This issue affects Headline Analyzer: from n/a through 1.3.3.

0.1% 2024-04-24
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8.

0.1% 2024-04-24
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116.

0.1% 2024-04-24
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0.

0.1% 2024-04-24
N/A

Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare.This issue affects YITH WooCommerce Compare: from n/a through <= 2.37.0.

0.1% 2024-04-24
5.3 MEDIUM

Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5.

0.1% 2024-04-24
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.

0.2% 2024-04-24
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).This issue affects Seers: from n/a through 8.1.0.

0.1% 2024-04-24
N/A

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.6.3.

0.2% 2024-04-24
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Image Slider Widget allows Stored XSS.This issue affects Image Slider Widget: from n/a through 1.1.125.

0.1% 2024-04-24
6.1 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.

0.1% 2024-04-24
3.7 LOW

Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4.

0.1% 2024-04-24
6.5 MEDIUM

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5.

0.4% 2024-04-24
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Tides Advanced Floating Content allows Stored XSS.This issue affects Advanced Floating Content: from n/a through 1.2.5.

0.1% 2024-04-24
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5.

0.1% 2024-04-24