CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Apple Multiple Products Integer Overflow Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges
A vulnerability exists in multiple Apple products, including iOS, iPadOS, macOS, and watchOS, due to an integer overflow resulting from improper input validation. This flaw could enable an application to execute arbitrary code with kernel privileges. Apple has acknowledged reports of this vulnerability being actively exploited in versions of iOS prior to 15.7.
Apple WebKit Sandbox Escape Vulnerability
A vulnerability in WebKit, the engine used by Apple Safari and other applications for HTML processing, allows remote attackers to escape the Web Content sandbox. This issue affects multiple Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. The vulnerability was addressed with improved bounds checks, but not before it was reported to have been actively exploited.
Apple WebKit Use-After-Free Vulnerability Allowing Arbitrary Code Execution
A use-after-free vulnerability has been identified in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. This vulnerability arises from improper memory management, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. The issue has been addressed in the latest versions of these operating systems and applications.
Apple WebKit Out-of-Bounds Read Vulnerability Allowing Information Disclosure
A vulnerability allowing an out-of-bounds read has been identified in the WebKit component used by multiple Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. This vulnerability arises from insufficient input validation, which can lead to the unintentional disclosure of sensitive information when processing maliciously crafted web content. The issue has been addressed in the latest versions of these operating systems and applications.
WordPress Continuous Image Carousel With Lightbox Plugin Unauthenticated Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the WordPress Continuous Image Carousel With Lightbox plugin, affecting versions through 1.0.15. This vulnerability allows attackers to inject malicious scripts that could be executed when users visit the affected site.
WPBakery Page Builder Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WPBakery Page Builder plugin for WordPress, affecting versions prior to 6.13.0. This vulnerability allows authenticated users with contributor privileges or higher to inject malicious scripts that will be executed when visitors access the affected site.
Cloudflare WARP Client for Windows Named Pipe Access Control Vulnerability
A vulnerability in the Cloudflare WARP client for Windows, in versions prior to 2023.3.381.0, allowed remote access to the warp-svc.exe binary. This issue arose from inadequate access control on an IPC Named Pipe, enabling attackers to send WARP connect and disconnect commands, as well as retrieve network diagnostics and application configuration from the victim's device. Exploitation required the target device to be accessible on port 445, to permit NULL session authentication, or to have knowledge of the target's credentials.
Responsive Tabs For WPBakery Page Builder Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Responsive Tabs For WPBakery Page Builder WordPress plugin, affecting versions through 1.1. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with a contributor role or higher to execute stored cross-site scripting attacks.
HasThemes HT Easy GA4 WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the HasThemes HT Easy GA4 (Google Analytics 4) WordPress plugin, affecting versions through 1.0.6. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Team Circle Image Slider With Lightbox Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Team Circle Image Slider With Lightbox plugin for WordPress, affecting versions through 1.0.17. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if a user is tricked into clicking a link.
Conlabz GmbH WP Google Tag Manager Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Conlabz GmbH WP Google Tag Manager plugin for WordPress, affecting versions 1.1 and prior. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Barracuda Email Security Gateway Appliance Remote Command Injection Vulnerability
A remote command injection vulnerability has been identified in the Barracuda Email Security Gateway (ESG) appliance, affecting versions 5.1.3.001 prior to 9.2.0.006. The vulnerability arises from improper input validation of user-supplied .tar files, specifically regarding the names of the files within the archive. This flaw allows remote attackers to craft file names that, when processed, execute system commands using Perl's qx operator, with the same privileges as the Barracuda Email Security Gateway. This vulnerability was exploited to gain unauthorized access to some ESG appliances, leading to the deployment of persistent backdoors via a trojanized module named SALTWATER, according to Barracuda and Mandiant.
Apache RocketMQ Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Apache RocketMQ versions 5.1.0 and prior, as well as in versions through 4.9.5. This vulnerability arises from several components, including NameServer, Broker, and Controller, being exposed to the extranet without proper permission verification. Attackers can exploit this flaw by using the update configuration function to execute commands as the system user under which RocketMQ is running. Additionally, the vulnerability can be exploited by forging content that adheres to the RocketMQ protocol.
SlickRemix Feed Them Social Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the SlickRemix Feed Them Social plugin for WordPress, specifically in versions through 3.0.2. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
WordPress Video Carousel Slider with Lightbox Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Video Carousel Slider with Lightbox plugin for WordPress, affecting versions through 1.0.22. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts via the search_term parameter. These scripts could be executed if a user is tricked into clicking a link.
Cloudflare Workerd FormData API Integer Overflow Vulnerability Allowing Buffer Under-Read
A buffer under-read vulnerability has been identified in the FormData API of Cloudflare Workerd, prior to version v1.20230419.0. This vulnerability arises from an integer overflow issue that occurs when a FormData instance contains more than 2^31 elements. In such cases, the forEach() method may read from incorrect memory locations during iteration, potentially leading to a segmentation fault or arbitrary undefined behavior. Although this vulnerability was not exploitable on the Cloudflare Workers platform, it could theoretically be exploited on workerd deployments on machines with substantial memory. To exploit this vulnerability remotely, an attacker would need to upload a form-encoded HTTP request of several gigabytes, which would then be parsed and iterated over using request.formData() and formData.forEach().
WP Engine Advanced Custom Fields Unauthenticated Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the WP Engine Advanced Custom Fields Pro and Free plugins, affecting versions 6.1.5 and prior. This vulnerability allows unauthenticated users to inject malicious scripts that could be executed by users with administrative privileges, potentially leading to the theft of sensitive information or privilege escalation on the WordPress site.
Mega Addons For WPBakery Page Builder Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Mega Addons For WPBakery Page Builder WordPress plugin, affecting versions prior to 4.3.0. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with contributor roles and above to inject malicious scripts that are executed when the content is viewed.
Ultimate Carousel For WPBakery Page Builder Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Ultimate Carousel for WPBakery Page Builder WordPress plugin, affecting versions through 2.6. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with a contributor role or higher to execute stored cross-site scripting attacks.
Apache Superset Session Validation Vulnerability Allowing Authentication Bypass
A session validation vulnerability has been identified in Apache Superset versions up to and including 2.0.1. The issue arises in installations that have not changed the default SECRET_KEY, which is used to sign session cookies and encrypt sensitive database information. This vulnerability allows an attacker to authenticate and access unauthorized resources. However, it does not impact Superset administrators who have modified the SECRET_KEY as recommended. All Superset installations should set a unique, secure, random SECRET_KEY.
WPBakery Page Builder Pricing Tables WordPress Plugin Local File Inclusion Vulnerability
A local file inclusion (LFI) vulnerability has been identified in the Pricing Tables for WPBakery Page Builder WordPress plugin, affecting versions prior to 3.0. The vulnerability arises because the plugin fails to properly validate certain shortcode attributes before using them to generate file paths for include functions. This oversight allows authenticated users, including subscribers, to exploit the vulnerability and perform LFI attacks.
WPBakery Page Builder Pricing Tables Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Pricing Tables for WPBakery Page Builder WordPress plugin, affecting versions prior to 3.0. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on a page or post. This flaw enables users with a contributor role or higher to execute stored cross-site scripting attacks.
Google Analytics Top Content Widget Plugin Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in the Google Analytics Top Content Widget Plugin for WordPress, affecting versions prior to 1.5.6. The issue arises from an unknown functionality in the file class-tgm-plugin-activation.php, allowing remote attackers to inject malicious scripts.
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability in IOSurfaceAccelerator Allowing Arbitrary Code Execution with Kernel Privileges
A vulnerability allowing an out-of-bounds write has been identified in the IOSurfaceAccelerator component of Apple iOS, iPadOS, and macOS. This issue could enable an application to execute arbitrary code with kernel privileges. The vulnerability arises from insufficient input validation. Apple has acknowledged reports of active exploitation of this vulnerability.
Apple WebKit Use-After-Free Vulnerability Allowing Arbitrary Code Execution
A use-after-free vulnerability has been identified in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS Ventura, and Safari. This vulnerability arises from improper memory management, which can be exploited by processing maliciously crafted web content, leading to arbitrary code execution. Apple is aware of reports suggesting that this vulnerability may have been actively exploited.
WordPress Amazon S3 Plugin Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the WordPress Amazon S3 Plugin, affecting versions prior to 1.6. The issue arises because the plugin fails to properly sanitize and escape a parameter before displaying it on the page. This vulnerability could be exploited against users with high privileges, such as administrators.
I Thirteen Web Solution Continuous Image Carousel With Lightbox Plugin Unauthenticated Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin for WordPress, affecting versions through 1.0.15. This vulnerability allows attackers to inject malicious scripts that could be executed when users visit the affected site.
WP-Buddy Google Analytics Opt-Out Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WP-Buddy Google Analytics Opt-Out plugin, affecting versions through 2.3.4. This vulnerability allows authenticated users with administrative privileges to inject malicious scripts that will be executed when other users visit the affected site.
HasThemes Really Simple Google Tag Manager WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the HasThemes Really Simple Google Tag Manager WordPress plugin, specifically in versions through 1.0.6. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Cloudflare WARP Client for Windows Privilege Escalation Vulnerability
A local privilege escalation vulnerability has been identified in the WARP Client for Windows, specifically in versions through 2022.5.309.0. The issue arises from a hardlink created in the ProgramData folder during the software's repair process. An attacker can manipulate this hardlink's destination, leading to the overwriting of SYSTEM protected files. Additionally, the WARP client previously permitted the creation of mount points from the ProgramData folder, further facilitating the privilege escalation.
WPdevart Image and Video Lightbox, Image PopUp Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WPdevart Image and Video Lightbox, Image PopUp plugin for WordPress, affecting versions through 2.1.5. This vulnerability allows authenticated users with administrative privileges to inject malicious scripts that are executed when other users visit the affected site.
Cloudflare WARP Client for Windows Improper Access Control Vulnerability Allowing Privilege Escalation
An improper access control vulnerability has been identified in the Cloudflare WARP Client for Windows, specifically in versions through 2022.12.582.0. This vulnerability can be exploited by an unprivileged user to perform actions with SYSTEM privileges. The issue arises in the MSI installer placed under 'C:\Windows\Installer' after WARP is installed. By leveraging opportunistic locks and symbolic links, both of which can be created by non-admin users, the vulnerability allows for the deletion and reading of arbitrary files, potentially leading to manipulation of system files and unauthorized privilege escalation.
Sophos Web Appliance Command Injection Vulnerability Allowing Remote Code Execution
A pre-authentication command injection vulnerability has been identified in the warn-proceed handler of Sophos Web Appliance versions prior to 4.3.10.4. This vulnerability allows the execution of arbitrary code on the affected system.
Image Over Image For WPBakery Page Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Image Over Image For WPBakery Page Builder WordPress plugin, affecting versions prior to 3.0. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on a page or post. This flaw enables users with contributor roles and above to inject malicious scripts that are executed when the content is viewed.
Progress WS_FTP Server Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in Progress WS_FTP Server version 8.6.0. This issue arises from improper handling of user input, allowing for the execution of malicious code and commands on the client side. The vulnerability can be exploited by injecting harmful payloads into the subdirectory search bar or the 'Add folder' filename boxes. One example of exploitation is through client-side template injection via the 'subFolderPath' parameter, targeting the 'ThinClient/WtmApiService.asmx/GetFileSubTree' endpoint.
WordPress Image Hover Effects For WPBakery Page Builder Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress Image Hover Effects for WPBakery Page Builder plugin, affecting versions through 4.0. This vulnerability allows authenticated users with contributor privileges or higher to inject malicious scripts that will be executed when other users visit the affected site.
Biplob018 Image Hover Effects for Elementor Unauthenticated Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox plugin, affecting versions through 2.8. This vulnerability allows unauthenticated users to inject malicious scripts that could be executed when visitors view the affected content.
Gallery Blocks with Lightbox WordPress Plugin Missing Authorization Vulnerability Allowing Arbitrary Options Update
A vulnerability exists in the Gallery Blocks with Lightbox WordPress plugin in versions prior to 3.0.8. The issue arises from an AJAX endpoint accessible to all authenticated users, including subscribers. This endpoint's callback function permits various actions, with the most critical being the ability to read and modify WordPress options. Exploiting this could enable registration of users with a default administrator role.
Angular Server-Side Configuration Information Disclosure Vulnerability in Monorepo with Node.js Backend
A critical information disclosure vulnerability has been identified in the 'angular-server-side-configuration' package, specifically in versions 15.0.0 prior to 15.1.0. This vulnerability arises from the package's environment variable detection feature, which, in version 15.0.0, was expanded to search the entire project workspace. In a monorepo setup that includes a Node.js backend, this could result in unintended exposure of environment variables meant for the backend, by writing them to an 'ngssc.json' file. During deployment, these variables could be populated into the application's 'index.html' file, thereby exposing sensitive information. However, this vulnerability does not impact standard Angular projects without a backend component.
Cloudflare cloudflared Windows 32-bit Installer Privilege Escalation Vulnerability
A local privilege escalation vulnerability has been identified in the cloudflared installer for Windows 32-bit devices, affecting versions through 2023.3.0. The issue arises because the MSI installer was dependent on a world-writable directory, allowing a local attacker without administrative rights to exploit symbolic links. By creating a symlink from the writable directory to a target file, the attacker can manipulate the installer's repair function to delete or replace files in restricted locations, potentially compromising the device. It is important to note that this vulnerability does not impact the cloudflared client itself, only the installer for 32-bit Windows.
Sitecore XP/XM Unrestricted Language File Upload Vulnerability Leading to Code Execution
A vulnerability allowing unrestricted language file uploads has been identified in Sitecore XP/XM version 10.3. This issue arises from the import languages functionality, which can be exploited by authenticated users to upload arbitrary files, such as web shells, that facilitate direct code execution on the content management server.
DataTables jQuery Plugin Cross-Site Scripting Vulnerability
A Cross-Site Scripting (XSS) vulnerability exists in the DataTables jQuery plugin, specifically in version 1.9.2. This vulnerability allows attackers to execute arbitrary JavaScript by exploiting the sBaseName parameter in the _fnCreateCookie function. When this parameter is exposed, a malicious user can inject JavaScript code that gets executed in the context of the user's browser.
Metform Elementor Contact Form Builder reCaptcha Bypass Vulnerability
A vulnerability allowing reCaptcha bypass has been identified in the Metform Elementor Contact Form Builder plugin for WordPress, affecting versions through 3.2.1. The issue arises from inadequate server-side validation of the captcha response during form submissions. This flaw enables unauthenticated attackers to circumvent Captcha protections, potentially allowing bots to submit forms automatically.
Conversios All-in-One Google Analytics and Product Feed Manager for WooCommerce Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Conversios All-in-One Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin, affecting versions through 5.2.3. This vulnerability allows attackers to manipulate plugin settings by exploiting the absence of proper CSRF protections.
WP Meta SEO Missing Authorization Vulnerability in Options Update
A vulnerability exists in the WP Meta SEO plugin for WordPress, specifically in versions through 4.5.3. The issue arises from a missing capability check in the 'wpmsGGSaveInformation' function, allowing authenticated attackers with subscriber-level access to update Google Analytics options managed by the plugin without authorization. This vulnerability stems from the plugin's reliance on nonce checks for access control, with the nonce being available to all authenticated users, regardless of their role.
Apple WebKit Type Confusion Vulnerability Allowing Arbitrary Code Execution
A type confusion vulnerability has been identified in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS, and Safari. This vulnerability allows for arbitrary code execution when processing maliciously crafted web content. It affects several different versions and/or ranges of these operating systems and applications.
textAngular Copy-Paste Cross-Site Scripting Vulnerability
A copy-paste cross-site scripting (XSS) vulnerability has been identified in the textAngular editor for Angular.js, affecting versions through 1.5.16. This vulnerability requires the victim to be tricked into pasting a malicious payload into the editor.
Shortcode for Font Awesome WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Shortcode for Font Awesome WordPress plugin, affecting versions prior to 1.4.1. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with contributor roles and above to inject malicious scripts that are executed when the content is viewed.
WP Font Awesome WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WP Font Awesome WordPress plugin, affecting versions prior to 1.7.9. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with contributor roles and above to inject malicious scripts that are executed when the content is viewed.
HAProxy Request Smuggling Vulnerability Allowing Access Control Bypass
A request smuggling vulnerability has been identified in HAProxy versions prior to 2.7.3. This vulnerability may allow for a bypass of access control and routing rules by exploiting the HTTP/1 header parsing. The issue arises because the HAProxy HTTP header parsers can inadvertently accept empty header field names, leading to the unintentional loss of HTTP/1 headers in certain situations. As a result, some headers may disappear after being processed, creating opportunities to manipulate access controls. While the impact is limited for HTTP/2 and HTTP/3, where headers are discarded before processing, the vulnerability can still cause a denial-of-service by disrupting routing rules and access controls.
