CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
WP Engine Advanced Custom Fields PRO Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WP Engine Advanced Custom Fields PRO plugin, affecting versions prior to 6.3.2. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Perfect Font Awesome Integration Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Perfect Font Awesome Integration plugin for WordPress, affecting all versions through 2.3. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's 'pfai' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.
Angular Expressions Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Angular Expressions versions prior to 1.4.3. The issue arises because an attacker can craft a malicious expression that escapes the sandbox environment, allowing arbitrary code execution on the system. This vulnerability can be exploited by using a complex, undisclosed payload. The vulnerability has been patched in version 1.4.3.
WordPress Stored Cross-Site Scripting Vulnerability in Multiple Plugins
A stored cross-site scripting vulnerability has been identified in several WordPress plugins, including Envira Gallery Lite and Getwid, all utilizing a vulnerable version of the FancyBox JavaScript library. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes, allowing authenticated attackers with contributor-level access or higher to inject arbitrary scripts. These scripts are executed when a user accesses the affected page.
PHP Buffer Overread Vulnerability in Convert.quoted-printable-decode Filter
A buffer overread vulnerability has been identified in PHP versions 8.1.* prior to 8.1.31, 8.2.* prior to 8.2.26, and 8.3.* prior to 8.3.14. The issue arises in the convert.quoted-printable-decode filter, where certain data can cause a buffer overread by one byte. This vulnerability can lead to crashes or the unintentional disclosure of memory content from other areas.
PHP Integer Overflow Vulnerability in ldap_escape() Function on 32-bit Systems Allowing Out-of-Bounds Write
In PHP versions 8.1 prior to 8.1.31, 8.2 prior to 8.2.26, and 8.3 prior to 8.3.14, an integer overflow vulnerability has been identified in the ldap_escape() function. This issue arises on 32-bit systems, where uncontrolled long string inputs can lead to an overflow, causing an out-of-bounds write. The vulnerability is particularly exploitable in PHP's Firebird and DBLIB drivers, where similar integer overflow issues have been introduced by unquoted string handling, allowing for out-of-bounds writes as well.
PHP HTTP Request Smuggling Vulnerability via CRLF Injection in Stream Proxies
A vulnerability in PHP streams when using a proxy and the 'request_fulluri' option can lead to HTTP request smuggling. This issue is present in PHP versions 8.1.* prior to 8.1.31, 8.2.* prior to 8.2.26, and 8.3.* prior to 8.3.14. The vulnerability arises because the URI is not properly sanitized, allowing an attacker to inject CRLF characters. This injection can be exploited to perform arbitrary HTTP requests through the proxy, potentially accessing resources not normally available to the user.
PHP MySQLnd Heap Buffer Over-Read Vulnerability Allowing Information Disclosure
A vulnerability exists in PHP versions 8.1.* prior to 8.1.31, 8.2.* prior to 8.2.26, and 8.3.* prior to 8.3.14. When a PHP client connects to a malicious MySQL server, it can be tricked into leaking heap memory contents. This memory may contain sensitive data from previous SQL queries or information belonging to other users on the same server. The issue arises in the MySQLnd extension while processing field packets, where improper handling can lead to over-reading of the heap buffer.
PHP Integer Overflow Vulnerability in ldap_escape Function on 32-Bit Systems
An integer overflow vulnerability has been identified in PHP versions 8.1.* prior to 8.1.31, 8.2.* prior to 8.2.26, and 8.3.* prior to 8.3.14. This vulnerability arises from uncontrolled long string inputs to the ldap_escape() function on 32-bit systems, leading to an out-of-bounds write.
Slick Sitemap WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Slick Sitemap plugin for WordPress, affecting all versions up to and including 2.0.0. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's 'slick-sitemap' shortcode. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages, which are executed when users access the affected pages.
Apple WebKit Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in WebKit, the engine used by Safari and other Apple applications, including iOS, iPadOS, macOS Sequoia, and visionOS. This vulnerability arises from a cookie management issue that was addressed with improved state management. However, processing maliciously crafted web content could still lead to a cross-site scripting attack. Apple is aware of reports that this issue may have been actively exploited on Intel-based Mac systems.
Apple WebKit and JavaScriptCore Arbitrary Code Execution Vulnerability
A vulnerability allowing arbitrary code execution has been identified in the WebKit component of multiple Apple products, including Safari, iOS, iPadOS, macOS Sequoia, and visionOS. This vulnerability arises from improper handling of maliciously crafted web content. Notably, there are reports of this issue being actively exploited on Intel-based Mac systems.
Surbma Font Awesome Plugin DOM-Based Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the Surbma Font Awesome WordPress plugin, affecting versions through 3.0. This issue arises from improper input sanitization during web page generation, allowing malicious actors to inject and execute scripts on the site.
Offshorent Solutions OS BXSlider Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Offshorent Solutions OS BXSlider WordPress plugin, specifically in versions through 2.6. This vulnerability arises from improper input sanitization during web page generation, allowing malicious actors to inject scripts that are executed when users visit the affected site.
Amazon S3 Unclaimed Bucket Data Integrity Vulnerability
A vulnerability exists due to the use of an unclaimed Amazon S3 bucket named 'codeconf' in an audio file link within the documentation of the 'psf/requests' repository. This bucket has been claimed by an external party. The vulnerability could lead to various issues, including data integrity problems, data leakage, availability disruptions, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for additional attacks.
Slickstream Engagement and Conversions WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Slickstream: Engagement and Conversions plugin for WordPress, affecting all versions through 1.4.4. The issue arises from inadequate input sanitization and output escaping on user-supplied attributes in the plugin's slick-grid shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages, which are executed when users access the affected pages.
WP Grids Slicko for Elementor DOM-Based Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the WP Grids Slicko plugin for Elementor, affecting versions through 1.2.0. This vulnerability arises from improper input neutralization during web page generation, allowing malicious actors to inject and execute scripts on the affected site.
Akamai SIA ThreatAvert Applications Portal Broken Access Control Vulnerability
A broken access control vulnerability has been identified in Akamai SIA ThreatAvert, specifically in the Applications Portal. This issue is present in the SPS (Security and Personalization Services) version prior to the latest 19.2.0 patch, as well as in Apps Portal versions prior to 19.2.0.3 or 19.2.0.20240814. The vulnerability allows authenticated standard users to bypass authorization controls on the ThreatAvert Policy page. By directly navigating to the policy URI, these users can disable policy enforcement, potentially impacting the application's threat management capabilities.
ReCaptcha Integration for WordPress Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the ReCaptcha Integration for WordPress plugin, affecting all versions through 1.2.5. The issue arises from the plugin's use of add_query_arg without proper escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if a user is tricked into clicking a link.
WPEngine Advanced Custom Fields PRO Missing Authorization Vulnerability Allowing Broken Access Control
A missing authorization vulnerability has been identified in the WPEngine Advanced Custom Fields PRO plugin, affecting versions prior to 6.3.2. This vulnerability allows exploitation of incorrectly configured access control security levels, enabling unprivileged users to perform actions reserved for higher privileges.
WPEngine Advanced Custom Fields PRO Missing Authorization Vulnerability Allowing Broken Access Control
A missing authorization vulnerability has been identified in the WPEngine Advanced Custom Fields PRO plugin, affecting versions prior to 6.3.2. This vulnerability allows exploitation of incorrectly configured access control security levels, potentially leading to unauthorized users performing actions reserved for higher privileges.
Amazon Application Load Balancer OpenID Connect Middleware JWT Validation Vulnerability
A vulnerability exists in the Amazon Application Load Balancer (ALB) OpenID Connect middleware for ASP.NET Core. This issue arises because the middleware, while it correctly validates JWT signatures, fails to properly verify the JWT issuer and signer identity. This oversight can be exploited, particularly if the ALB is configured to accept internet traffic to its targets, allowing an untrusted entity to sign JWTs. As a result, an actor could impersonate valid OIDC-federated sessions to the ALB targets.
jQuery UI Cross-Site Scripting Vulnerability
A Cross-Site Scripting (XSS) vulnerability exists in jQuery UI version 1.13.1. This issue allows remote attackers to execute arbitrary code and access sensitive information by injecting a malicious payload into the window.addEventListener component. The vulnerability is categorized as Reflected Cross-Site Scripting, where the injected script is executed immediately when the payload is processed.
h2o HTTP/3 Reverse Proxy Assertion Failure Denial-of-Service Vulnerability
An assertion failure vulnerability has been identified in the h2o HTTP server when it is configured as a reverse proxy and handling HTTP/3 requests. If a client cancels an HTTP/3 request, h2o may crash due to the assertion failure. This crash can be exploited to disrupt service, causing a denial-of-service condition. Although the h2o standalone server typically restarts automatically, minimizing the disruption, concurrent HTTP requests that were being served will still be interrupted. The vulnerability affects h2o versions between commits 16b13ee and 15ed15a.
h2o HTTP Server IP Address Spoofing Vulnerability Bypassing Access Control
A vulnerability in h2o, an HTTP server supporting HTTP/1.x, HTTP/2, and HTTP/3, allows for bypassing IP address-based access control. This issue arises when HTTP requests using TLS 1.3 early data over TCP Fast Open or QUIC 0-RTT packets are received. The access control fails to detect and block requests from spoofed source addresses, enabling attackers to send HTTP requests from rejected addresses. The vulnerability affects h2o versions prior to the patch in commit 15ed15a.
h2o Headers Configuration Directive Ignored Vulnerability
A vulnerability exists in the h2o HTTP server that affects the headers configuration directive. When a header is set in an inner scope, such as at the path level, it overrides the headers defined in outer scopes, like the global level. This can result in expected headers not being sent, potentially leading to unintended behavior for clients. The issue has been observed in h2o versions prior to the patch included in commit 123f5e2.
Ivanti Cloud Services Appliance OS Command Injection Vulnerability Allowing Remote Code Execution
A command injection vulnerability has been identified in the admin web console of Ivanti Cloud Services Appliance (CSA) versions prior to 5.0.2. This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access or manipulation of system resources.
Ivanti Cloud Services Appliance SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the admin web console of Ivanti Cloud Services Appliance (CSA) versions prior to 5.0.2. This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary SQL statements. While exploitation of this vulnerability in CSA 5.0 has not been observed, it has been exploited in CSA 4.6 when chained with another vulnerability, leading to unauthorized remote code execution.
MailOptin WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the MailOptin WordPress plugin (Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber), versions 1.2.70.3 and prior. This vulnerability arises from inadequate input sanitization and output escaping of user-supplied attributes in the 'post-meta' shortcode. As a result, authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which will execute when a user accesses the compromised page.
Ivanti Cloud Services Appliance Path Traversal Vulnerability
A path traversal vulnerability has been identified in Ivanti Cloud Services Appliance (CSA) version 4.6 prior to Patch 519. This vulnerability allows remote, unauthenticated attackers to access restricted functionality. The issue was inadvertently addressed in Patch 519, released on September 10, 2024. However, since Ivanti CSA 4.6 has reached end-of-life and will not receive further updates, users are advised to upgrade to Ivanti CSA 5.0.
Ivanti Cloud Services Appliance OS Command Injection Vulnerability Allowing Remote Code Execution
A command injection vulnerability has been identified in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and prior. This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary commands on the underlying operating system. Exploitation of this vulnerability could lead to unauthorized access and control over the affected system.
AngularJS Improper Sanitization Vulnerability in Source Elements Allowing Content Spoofing
A vulnerability exists in AngularJS due to improper sanitization of the 'srcset' attribute in '<source>' HTML elements. This flaw allows attackers to bypass standard image source restrictions, potentially leading to content spoofing. The issue affects all versions of AngularJS, which is no longer actively maintained. When exploited, this vulnerability could result in unauthorized addition or modification of data.
AngularJS Improper 'srcset' Attribute Sanitization Vulnerability Bypasses Image Source Restrictions
A vulnerability in AngularJS has been identified, stemming from improper sanitization of the 'srcset' attribute. This issue allows attackers to bypass standard image source restrictions, potentially leading to content spoofing. The vulnerability affects AngularJS versions 1.3.0-rc.4 and later. Notably, the AngularJS project is no longer actively maintained, and this vulnerability will not be addressed in future updates.
Apache OFBiz Forced Browsing Vulnerability
A forced browsing vulnerability has been identified in Apache OFBiz versions prior to 18.12.16. This vulnerability allows unauthorized access to rendered views by exploiting confused controller-view authorization logic. Users are advised to upgrade to version 18.12.16, which addresses this issue by introducing a new permission check for view-maps and changing the default settings for request-maps.
HubSpot WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the HubSpot WordPress plugin (CRM, Email Marketing, Live Chat, Forms & Analytics), versions 11.1.22 and prior. The issue arises from inadequate input sanitization and output escaping in the 'url' attribute of the HubSpot Meeting Widget. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected page.
Google Chrome V8 Heap Corruption Vulnerability Allowing Potential Remote Code Execution
A vulnerability in the V8 JavaScript engine of Google Chrome has been identified, allowing remote attackers to exploit heap corruption through a crafted HTML page. This issue affects Google Chrome versions prior to 128.0.6613.84, as well as other browsers that use the Chromium engine, such as Microsoft Edge and Opera. The vulnerability arises from an inappropriate implementation in V8, specifically in the Turboshaft compiler, where the optimization of certain instructions can be manipulated, leading to memory corruption. This flaw has been exploited in the wild, with reports indicating its use in ransomware campaigns.
CKAN Datatables View Plugin Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the CKAN open-source data management system, specifically within the Datatables view plugin. This issue affects CKAN versions 2.7.0 and later, where the plugin is activated. The vulnerability arises because the Datatables view plugin did not properly escape record data retrieved from the DataStore, creating a potential XSS vector. The Datatables view plugin is included in CKAN core but is not activated by default. However, it is widely used to preview tabular data.
Apache OFBiz Incorrect Authorization Vulnerability Allowing Unauthenticated Remote Code Execution
A vulnerability in Apache OFBiz prior to version 18.12.15 allows incorrect authorization, potentially leading to remote code execution. This issue arises because unauthenticated endpoints may execute screen rendering code without proper permission checks, depending on the screen definitions and endpoint configurations.
Forminator WordPress Plugin Sensitive Information Exposure Vulnerability
A vulnerability allowing sensitive information exposure has been identified in the Forminator plugin for WordPress, affecting all versions through 1.29.1. The issue arises in the file 'class-forminator-addon-hubspot-wp-api.php', where hardcoded HubSpot API keys are exposed. This vulnerability allows unauthenticated attackers to access the HubSpot integration developer API key, potentially leading to unauthorized changes in the plugin's HubSpot integration or the exposure of personally identifiable information from users utilizing the HubSpot integration.
weDevs ReCaptcha Integration for WordPress DOM-Based Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the weDevs ReCaptcha Integration for WordPress, specifically in versions through 1.2.7. This issue allows for DOM-based XSS, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Fortinet FortiOS and FortiProxy IP Address Validation Bypass Vulnerability
A vulnerability allowing IP blocklist bypass through crafted requests has been identified in Fortinet FortiOS and FortiProxy. This issue arises from incorrect parsing of numbers in different radices, affecting FortiOS versions 7.4.3 and below, 7.2.8 and below, 7.0.15 and below, as well as FortiProxy versions 7.4.3 and below, 7.2.12 through 7.2.16, and 7.2.0 through 7.2.10. The vulnerability allows an unauthenticated attacker to exploit the IP address validation feature, potentially leading to unauthorized access or actions.
Traefik IP Allow-List Bypass Vulnerability via Spoofed HTTP/3 Early Data Requests
A vulnerability in Traefik allows for bypassing IP allow-lists through HTTP/3 early data requests in QUIC 0-RTT handshakes, using spoofed IP addresses. This issue is present in Traefik versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3. The vulnerability could be exploited by sending early data requests over QUIC with fake IP addresses, effectively circumventing any IP-based access controls.
Apache HTTP Server mod_rewrite Improper Output Escaping Vulnerability Allowing Code Execution or Source Code Disclosure
A vulnerability exists in Apache HTTP Server in the mod_rewrite module, specifically in versions 2.4.59 and earlier. The issue arises from improper escaping of output, which allows an attacker to map URLs to filesystem locations that the server is permitted to serve but are not intentionally or directly accessible via any URL. This can lead to unauthorized code execution or disclosure of source code. The vulnerability is particularly relevant for substitutions in server context that use backreferences or variables as the first segment of the substitution. Some unsafe RewriteRules may be disrupted by this change, but the rewrite flag 'UnsafePrefixStat' can be used to revert to the previous behavior, provided the substitution is properly constrained.
Conversios Google Analytics 4 and Meta Pixel Integration for WooCommerce Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Conversios Google Analytics 4, Meta Pixel, and other integrations via Google Tag Manager for WooCommerce plugin, all versions up to and including 7.1.0. The vulnerability arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if the attacker successfully persuades a user to perform an action, such as clicking a link.
Ibtana WordPress Website Builder Missing Capability Check Vulnerability Allowing Unauthorized reCAPTCHA Bypass
A vulnerability exists in the Ibtana - WordPress Website Builder plugin, affecting all versions up to and including 1.2.3.3. The issue arises from a missing capability check in the 'ibtana_visual_editor_register_ajax_json_endpont' function, which allows unauthenticated attackers to modify data. Specifically, attackers can update reCAPTCHA keys stored in WordPress options, potentially bypassing reCAPTCHA protections on the site.
Computer Vision Annotation Tool Server-Side Request Forgery Vulnerability via Custom Cloud Storage Endpoints
A server-side request forgery (SSRF) vulnerability has been identified in the Computer Vision Annotation Tool (CVAT), affecting versions from 2.1.0 up to, but not including, 2.14.3. This vulnerability allows an attacker with a CVAT account to exploit custom endpoint URLs for cloud storage, targeting intranet IP addresses or internal domain names. By doing so, the attacker could probe the CVAT backend's network for HTTP(S) servers. If a compatible web server is found that allows anonymous access or accepts known credentials, the attacker could create a cloud storage link to that server. This could lead to unauthorized file listing, extraction of specific file types supported by CVAT, or overwriting files on the server with exported CVAT data.
Fortinet FortiOS and FortiProxy Weak Key Derivation Vulnerability Allowing Backup Decryption
A vulnerability exists in Fortinet FortiOS versions 7.4.0 through 7.4.3, 7.2 all versions, 7.0 all versions, 6.4 all versions, and FortiProxy versions 7.4.0 through 7.4.2, 7.2 all versions, 7.0 all versions, 2.0 all versions. This vulnerability involves the use of password hashes that lack sufficient computational effort, potentially allowing a privileged attacker with a super-admin profile and CLI access to decrypt backup files.
WP Engine Advanced Custom Fields PRO Path Traversal Vulnerability Leading to Local File Inclusion
A path traversal vulnerability allowing PHP local file inclusion has been identified in the WP Engine Advanced Custom Fields PRO plugin, affecting versions prior to 6.2.10. This vulnerability arises from improper restrictions on pathname navigation, which could be exploited to include and execute local files on the server.
WP Engine Advanced Custom Fields PRO Code Injection Vulnerability
A code injection vulnerability allowing arbitrary code execution has been identified in the WP Engine Advanced Custom Fields PRO plugin, affecting versions prior to 6.2.10. This vulnerability arises from improper control over code generation, which could be exploited by contributors to execute malicious code remotely.
PHP Vulnerability in CGI Mode on Windows Allows Remote Code Execution
A critical remote code execution vulnerability has been identified in PHP versions 8.1.* prior to 8.1.29, 8.2.* prior to 8.2.20, and 8.3.* prior to 8.3.8. This vulnerability occurs when PHP is used in CGI mode on Windows, and certain code pages trigger 'Best-Fit' behavior in character encoding. Exploitation involves injecting command-line arguments that PHP misinterprets, allowing unauthorized execution of PHP code on the server. This vulnerability bypasses previous protections established for a similar issue in 2012.
