CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
FancyBox for WordPress Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the FancyBox for WordPress plugin, affecting versions 3.0.2 to 3.3.3. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with administrator-level permissions to inject arbitrary scripts. This vulnerability is triggered when a user accesses a page containing the injected script, and it specifically impacts multi-site installations where unfiltered HTML has been disabled.
Thales Imperva SecureSphere WAF POST Data Inspection Bypass Vulnerability
A vulnerability in Thales Imperva SecureSphere Web Application Firewall (WAF) version 14.7.0.40 allows remote attackers to bypass WAF rules that inspect POST data. This could enable exploitation of vulnerabilities in protected web applications that would normally be blocked by the WAF. The issue arises from the WAF's handling of Content-Encoding headers, which can be manipulated to evade detection and filtering of malicious POST data.
WP Engine WP Migrate Plugin Unauthenticated PHP Object Injection Vulnerability
A deserialization vulnerability allowing PHP object injection has been identified in the WP Engine WP Migrate plugin, affecting versions through 2.6.10. This vulnerability could be exploited to execute arbitrary code, inject SQL, traverse directories, cause a denial of service, and more, if a suitable object injection chain is available.
Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and More Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Interfacelab Media Cloud plugin for WordPress, specifically in versions through 4.5.24. The vulnerability stems from improper neutralization of input during web page generation, which could enable the injection of malicious scripts that are executed when users visit the affected site.
Livemesh Addons for WPBakery Page Builder Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in Livemesh Addons for WPBakery Page Builder, affecting versions through 3.7. This vulnerability arises from improper input neutralization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected page.
CarrierWave Content-Type Allowlist Bypass Vulnerability Leading to XSS
A Content-Type allowlist bypass vulnerability has been identified in CarrierWave, a file upload solution for Ruby web frameworks like Rails and Sinatra. This vulnerability affects versions prior to 3.0.7 and prior to 2.2.6. The issue arises when uploading files to object storage, such as Amazon S3, where it's possible to manipulate the Content-Type value. By sending multiple values separated by commas, a bypass can occur, allowing an unauthorized Content-Type to be interpreted by browsers. This bypassed value could potentially be exploited to execute cross-site scripting (XSS) attacks.
WPBakery Page Builder Addons by Livemesh Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WPBakery Page Builder Addons by Livemesh plugin for WordPress, affecting all versions through 3.8.1. The vulnerability arises from inadequate input sanitization and output escaping on user-supplied attributes, particularly within the 'per_line_mobile' shortcode. This flaw allows authenticated attackers with contributor-level or higher permissions to inject arbitrary scripts into pages, which are executed when users access the compromised page.
Conversios Google Analytics 4 WooCommerce SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the Conversios - Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress. This vulnerability exists in all versions through 7.0.7 and allows authenticated attackers with subscriber-level access and above to exploit the 'valueData' parameter. The issue arises from inadequate escaping of user-supplied data and insufficient preparation of the SQL query, enabling attackers to append malicious SQL queries to existing ones and extract sensitive information from the database.
Amazon AWS aws-js-s3-explorer Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability exists in Amazon AWS aws-js-s3-explorer version 1.0.0. The issue arises when a crafted S3 bucket name is entered into a prompt, which is not properly sanitized before being displayed. This flaw allows for the injection of malicious scripts that can be executed in the user's browser.
Apple RTKit Memory Corruption Vulnerability Allowing Bypass of Kernel Memory Protections
A memory corruption vulnerability has been identified in the RTKit component of multiple Apple operating systems, including iOS, iPadOS, macOS, tvOS, and watchOS. This vulnerability allows an attacker with arbitrary kernel read and write capabilities to bypass kernel memory protections. The issue has been addressed with improved validation. Notably, there are reports suggesting that this vulnerability may have been exploited in the wild.
Apple RTKit and Kernel Memory Corruption Vulnerability Allowing Bypass of Memory Protections
A memory corruption vulnerability has been identified in the RTKit component of Apple's software, affecting multiple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. This vulnerability allows an attacker with arbitrary read and write access to kernel memory to potentially bypass kernel memory protections. The issue has been addressed with improved validation. Notably, Apple is aware of reports suggesting that this vulnerability may have been exploited.
JetBrains TeamCity Authentication Bypass Vulnerability Allowing Admin Actions
An authentication bypass vulnerability has been identified in JetBrains TeamCity versions prior to 2023.11.4. This vulnerability allows users to bypass authentication mechanisms and perform administrative actions within the application.
pdfmake Arbitrary Code Injection Vulnerability
A vulnerability allowing arbitrary code execution has been identified in pdfmake version 0.2.9. This issue arises from a crafted POST request to the '/pdf' endpoint, which is only accessible after installing a test framework outside of the pdfmake application. While the vulnerability has been disputed, it highlights a significant security concern, as the code can be executed without proper authorization.
Schema and Structured Data for WordPress and AMP Missing Authorization Vulnerability in reCaptcha Key Modification
A vulnerability exists in the Schema & Structured Data for WP & AMP plugin for WordPress, in all versions through 1.26. The issue arises from a lack of proper capability checks in the 'saswp_reviews_form_render' function, allowing authenticated attackers with contributor access or higher to modify the plugin's reCaptcha site and secret keys without authorization. This could disrupt the functionality of reCaptcha on the site.
Conversios WordPress Plugin SQL Injection Vulnerability in Google Tag Manager Integration
A time-based SQL injection vulnerability has been identified in the Conversios WordPress plugin, specifically in the Google Analytics 4 (GA4), Meta Pixel, and Google Tag Manager integration for WooCommerce. This vulnerability exists in all versions of the plugin up to and including 7.0.7. The issue arises in the 'ee_syncProductCategory' function, where insufficient escaping of user-supplied data in the 'conditionData', 'valueData', 'productArray', 'exclude', and 'include' parameters allows authenticated attackers with subscriber access or higher to inject additional SQL queries. Exploitation of this vulnerability could lead to unauthorized access to sensitive information in the database.
NGINX Plus and NGINX Open Source HTTP/3 QUIC Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in NGINX Plus and NGINX Open Source versions 1.25.0 prior to 1.25.4, and 1.26.0, when the experimental HTTP/3 QUIC module is enabled. Undisclosed requests can cause NGINX worker processes to crash, disrupting traffic until the process restarts.
NGINX Plus and NGINX Open Source HTTP/3 QUIC Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in NGINX Plus and NGINX Open Source versions 1.25.0 prior to 1.25.4, as well as in NGINX Plus R3x. When the experimental HTTP/3 QUIC module is enabled, undisclosed requests can lead to the termination of NGINX worker processes. This disruption causes a temporary outage as the NGINX process restarts.
Getwid Gutenberg Blocks Missing Authorization Vulnerability in WordPress
A vulnerability exists in the Getwid – Gutenberg Blocks plugin for WordPress, affecting all versions through 2.0.3. The issue arises from a lack of proper capability checks in the recaptcha_api_key_manage function, allowing authenticated attackers with subscriber-level access or higher to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings without authorization.
Unlimited Addons for WPBakery Page Builder Arbitrary File Upload Vulnerability
A vulnerability allowing arbitrary file uploads has been identified in the Unlimited Addons for WPBakery Page Builder plugin for WordPress, affecting versions through 1.0.42. This issue arises from inadequate validation of file types in the 'importZipFile' function. As a result, authenticated attackers with roles granted access to the plugin (typically editors or contributors) can upload arbitrary files to the server, potentially leading to remote code execution.
SlickNav Mobile Menu WordPress Plugin Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the SlickNav Mobile Menu WordPress plugin, affecting versions through 1.9.2. The issue stems from improper neutralization of input during web page generation, enabling the injection of malicious scripts that are executed when users visit the affected site.
Apple WebKit Type Confusion Vulnerability Allowing Arbitrary Code Execution
A type confusion vulnerability has been identified in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS, tvOS, and Safari. This vulnerability allows for arbitrary code execution when processing maliciously crafted web content. It affects several versions and version ranges of these operating systems. The issue is linked to the Coruna exploit, which has been reported to be actively exploited.
Font Awesome 4 Menus WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Font Awesome 4 Menus WordPress plugin, affecting versions through 4.7.0. The issue arises because the plugin fails to properly sanitize and escape certain settings. This flaw enables high-privilege users, such as administrators, to execute stored XSS attacks, even in environments where the unfiltered_html capability is restricted, such as multisite setups.
Slick Social Share Buttons WordPress Plugin Unauthorized Option Update Vulnerability
A vulnerability exists in the Slick Social Share Buttons plugin for WordPress, in versions through 2.4.11. The issue arises from a missing capability check in the 'dcssb_ajax_update' function, allowing authenticated attackers with subscriber-level permissions or higher to arbitrarily modify site options.
CAOS Host Google Analytics Locally Missing Authorization Vulnerability in WordPress Plugin
A vulnerability exists in the CAOS | Host Google Analytics Locally WordPress plugin, specifically in versions through 4.7.14. The issue arises from a missing capability check in the 'update_settings' function, allowing unauthenticated attackers to modify plugin settings. This unauthorized data modification could lead to various impacts, depending on the nature of the changed settings.
Apple iOS and iPadOS Use-After-Free Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges
A use-after-free vulnerability has been identified in Apple iOS and iPadOS. This vulnerability allows an application to execute arbitrary code with kernel privileges. It affects multiple versions of iOS and iPadOS, including iOS 17, iPadOS 17, iOS 15.8.7, and iPadOS 15.8.7. The vulnerability arises from improper memory management, which has been addressed in the latest versions of the operating systems.
Apple Products Pointer Authentication Bypass Vulnerability
A vulnerability allowing an attacker with arbitrary read and write capabilities to bypass Pointer Authentication has been identified in multiple Apple products, including iOS, iPadOS, macOS Ventura, tvOS, and watchOS. This vulnerability arises from a time-of-check/time-of-use (TOCTOU) memory corruption issue. Apple is aware of reports suggesting that this vulnerability may have been exploited in earlier iOS versions before iOS 15.7.1.
Metform Elementor Contact Form Builder Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Metform Elementor Contact Form Builder plugin for WordPress, affecting all versions through 3.8.1. The vulnerability arises from inadequate nonce validation in the 'contents' function, allowing unauthenticated attackers to manipulate specific options related to HubSpot integration. By tricking a site administrator into clicking a link, an attacker could connect their HubSpot account to the victim's Metform, potentially leading to unauthorized access to leads and contacts.
Ovic Responsive WPBakery WordPress Plugin Privilege Escalation Vulnerability
A vulnerability in the Ovic Responsive WPBakery WordPress plugin, affecting versions prior to 1.2.9, allows authenticated users with a subscriber or higher role to exploit AJAX actions that lack proper validation. This oversight enables them to modify critical blog options, such as 'users_can_register' and 'default_role'. Additionally, the plugin's practice of unserializing user input could lead to Object Injection attacks.
Wireshark HTTP3 Dissector Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in Wireshark version 4.2.0, where the HTTP3 dissector crashes when processing malformed QPACK data. This issue can be triggered by injecting problematic packets or by opening a crafted capture file that contains the malformed data.
Brainstorm Force Ultimate Addons for WPBakery Page Builder Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Brainstorm Force Ultimate Addons for WPBakery Page Builder, specifically in versions through 3.19.17. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms Open Redirect Vulnerability
A URL redirection vulnerability allowing untrusted site redirection (open redirect) has been identified in the CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms plugin. This vulnerability affects versions through 1.2.8.
One Identity Password Manager Kiosk Escape Privilege Escalation Vulnerability
A privilege escalation vulnerability has been identified in the One Identity Password Manager Secure Password Extension, affecting versions prior to 5.13.1. This vulnerability allows a local, pre-authenticated attacker to escape from Kiosk mode and execute commands with SYSTEM privileges on the login screen of a Windows client. The issue arises because the Password Manager Extension, which facilitates Active Directory password resets, launches a Chromium-based browser in Kiosk mode. Exploitation involves navigating through Google ReCAPTCHA links to access external websites, ultimately leading to the execution of command-line applications with elevated permissions.
AWS SDK for PHP URI Path Traversal Vulnerability in S3 Component
A URI path traversal vulnerability has been identified in the AWS SDK for PHP, specifically in version 3 prior to 3.288.1. The issue arises in the 'buildEndpoint' method of the RestSerializer component, where requests to S3 object keys or prefixes containing a Unix double-dot can lead to arbitrary object access. This vulnerability exists because the 'buildEndpoint' method uses the Guzzle Psr7 UriResolver utility, which removes dot segments from the request path according to RFC 3986. Under certain conditions, this can be exploited to access unintended objects.
OpenSSH and Various SSH Libraries Terrapin Attack Vulnerability Allowing Security Downgrade
A vulnerability exists in the SSH transport protocol with certain OpenSSH extensions, as found in OpenSSH prior to version 9.6 and in several other products. This vulnerability allows remote attackers to bypass integrity checks by omitting certain packets from the extension negotiation message. As a result, a client and server may end up with a connection in which security features have been downgraded or disabled; this is known as a Terrapin attack. The issue arises from a mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol, particularly affecting the use of ChaCha20-Poly1305 and CBC with Encrypt-then-MAC. The vulnerability is present in multiple SSH implementations, including libraries and tools such as PuTTY, AsyncSSH, and Paramiko, among others.
WordPress Block for Font Awesome Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress Block for Font Awesome plugin, affecting versions through 1.4.0. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Livemesh WPBakery Page Builder Addons Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Livemesh WPBakery Page Builder Addons plugin, affecting versions through 3.5. This vulnerability allows attackers to inject malicious scripts that are executed when users visit the affected site.
Fortinet FortiOS and FortiProxy Firewall Deny Policy Bypass Vulnerability
A vulnerability allowing improper access control has been identified in Fortinet FortiOS versions 7.2.0, 7.0.13 and below, 6.4.14 and below, as well as FortiProxy versions 7.2.3 and below, 7.0.9 and below, and 2.0.12 and below. This vulnerability may enable a remote unauthenticated attacker to bypass the firewall deny geolocation policy by timing the bypass with a GeoIP database update.
H2O QUIC State Exhaustion Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in the H2O HTTP server, specifically in versions through 2.3.0-beta, due to a state exhaustion issue in the QUIC stack (quicly) used by the server. When H2O is handling HTTP/3 requests, a remote attacker can exploit this vulnerability to gradually increase the memory usage of the QUIC stack, leading to memory exhaustion and causing H2O to crash. This vulnerability does not affect HTTP/1 or HTTP/2, as they do not utilize QUIC.
h2o TLS Session Resumption Misdirection Vulnerability
A vulnerability in the h2o HTTP server in versions through 2.3.0-beta2 allows for misdirection of TLS session resumption, potentially leading to interception of HTTPS request contents. This issue arises when h2o listens on multiple addresses or ports with different backend servers, and a malicious backend entity can observe or inject packets. The vulnerability allows an attacker to redirect a client's TLS session resumption request to a different server address or port on which the same h2o instance is listening but which is controlled by the attacker. As a result, HTTPS requests from the client may be forwarded to the attacker's server.
Uptime Kuma Cross-Site Scripting Vulnerability via Google Analytics Attribute Injection
A cross-site scripting (XSS) vulnerability has been identified in Uptime Kuma versions 1.20.0 through 1.23.6. The issue arises from the Google Analytics element, which is susceptible to attribute injection. The custom status interface allows users to set a unique Google Analytics ID, but the template does not properly sanitize this input. As a result, an attacker can inject malicious attributes that lead to XSS attacks.
Apple WebKit Memory Corruption Vulnerability Allowing Arbitrary Code Execution
A memory corruption vulnerability has been identified in WebKit, the rendering engine used by Safari and other applications on Apple devices. This vulnerability affects multiple Apple products, including iOS, iPadOS, macOS, and Safari, and has been reported to be actively exploited in the wild. The issue arises from improper input validation, which can lead to out-of-bounds reads and, ultimately, arbitrary code execution when processing maliciously crafted web content.
Apple WebKit Out-of-Bounds Read Vulnerability Allowing Sensitive Information Disclosure
A vulnerability in WebKit, the rendering engine used by Safari and other applications, has been identified. This issue involves an out-of-bounds read that could lead to the unintentional disclosure of sensitive information when processing maliciously crafted web content. The vulnerability is present in multiple Apple products, including iOS, iPadOS, macOS, and Safari, and affects several different versions and ranges. Notably, there are reports suggesting that this vulnerability may have been actively exploited in the wild, particularly in versions of iOS prior to 16.7.1.
Popup with Fancybox WordPress Plugin SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the Popup with Fancybox plugin for WordPress, affecting versions through 3.5. The issue arises from inadequate escaping of user-supplied parameters in the plugin's shortcode, allowing authenticated attackers with subscriber-level or higher permissions to inject additional SQL queries. This exploitation could lead to unauthorized access to sensitive information in the database.
Cap'n Proto KJ HTTP Library WebSocket Compression Buffer Underrun Denial-of-Service Vulnerability
A buffer underrun vulnerability has been identified in the Cap'n Proto KJ HTTP library, specifically in versions 1.0 and 1.0.1. When WebSocket compression is enabled, a remote peer can cause the underrun, which writes a constant, non-attacker-controlled value into a heap-allocated buffer. This behavior is likely to result in a crash, facilitating a remote denial-of-service attack. Most users of Cap'n Proto and KJ are unlikely to have this feature enabled, and it is suspected that the vulnerability affects only the Cloudflare Workers Runtime.
Vsourz Digital CF7 Invisible reCAPTCHA Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Vsourz Digital CF7 Invisible reCAPTCHA WordPress plugin, specifically in versions through 1.3.3. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Om Ak Solutions Slick Popup WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin, affecting versions through 1.7.14. This vulnerability allows authenticated users with administrative privileges to inject malicious scripts that are executed when other users visit the site.
Brainstorm Force Ultimate Addons for WPBakery Page Builder Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin, affecting versions through 3.19.14. This vulnerability allows authenticated users with contributor privileges or higher to inject malicious scripts that will be executed when other users visit the affected site.
Apache ActiveMQ OpenWire Protocol Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in the Java OpenWire protocol marshaller of Apache ActiveMQ. This issue affects versions 5.18.0 prior to 5.18.3, 5.17.0 prior to 5.17.6, 5.16.0 prior to 5.16.7, and all versions prior to 5.15.16. The vulnerability allows a remote attacker with network access to an OpenWire broker or client to execute arbitrary shell commands. This is achieved by manipulating serialized class types in the OpenWire protocol, causing the client or broker to instantiate any class on the classpath.
WordPress Conversios Track Google Analytics 4, Facebook Pixel & Conversions API Unauthenticated Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the WordPress Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin, affecting versions through 6.5.3. This vulnerability allows attackers to inject malicious scripts that could be executed when users visit the affected site.
WP Font Awesome Stored Cross-Site Scripting Vulnerability in WordPress
A stored cross-site scripting vulnerability has been identified in the WP Font Awesome plugin for WordPress, affecting versions through 1.7.9. The issue arises from inadequate input sanitization and output escaping of the 'icon' attribute in user-supplied shortcodes. This vulnerability allows authenticated attackers with contributor-level or higher permissions to inject arbitrary scripts into pages, which are executed when users access the affected pages.
