CVE Catalog

A stored cross-site scripting vulnerability has been identified in the Font Awesome Integration plugin for WordPress, affecting versions 5.0 and prior. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the 'fawesome' shortcode. This vulnerability allows authenticated attackers with contributor-level or higher permissions to inject arbitrary web scripts into pages, which are executed when users access the affected page.

A stored cross-site scripting vulnerability has been identified in the Font Awesome More Icons plugin for WordPress, affecting versions through 3.5. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the 'icon' shortcode. This vulnerability allows authenticated attackers with contributor-level or higher permissions to inject arbitrary web scripts into pages, which are executed when users access the affected pages.

A stored cross-site scripting vulnerability has been identified in the Simple Cloudflare Turnstile plugin for WordPress, affecting versions through 1.23.1. The issue arises from inadequate input sanitization and output escaping on user-supplied attributes within the 'gravity-simple-turnstile' shortcode. This vulnerability allows authenticated attackers with contributor-level or higher permissions to inject arbitrary scripts into pages, which are executed when users access the affected page.

A vulnerability in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS, and Safari, allows for arbitrary code execution. This issue arises from a use-after-free vulnerability that can be exploited by processing maliciously crafted web content. Apple has acknowledged reports of this vulnerability being actively exploited in the wild on versions of iOS prior to 16.7.

A vulnerability allowing local privilege escalation has been identified in the kernel of multiple Apple products, including iOS, iPadOS, macOS Monterey, and macOS Ventura. This vulnerability could allow a local attacker to elevate privileges, potentially leading to unauthorized access or control. Apple is aware of reports suggesting that this vulnerability may have been actively exploited in versions of iOS prior to 16.7.

A vulnerability exists in multiple Apple products, including iOS, iPadOS, macOS Ventura, and watchOS, due to improper certificate validation. This issue allows a malicious app to bypass signature validation, potentially leading to unauthorized actions or access. Apple has acknowledged reports of this vulnerability being actively exploited in versions of iOS prior to 16.7. The vulnerability is fixed in iOS 16.7, iPadOS 16.7, and macOS Ventura 13.6.

A vulnerability exists in several Apple products, including iOS, iPadOS, macOS, tvOS, and watchOS, where processing a font file can result in arbitrary code execution. This issue has been actively exploited in versions of iOS prior to 15.7.1. The vulnerability arises from improper cache handling in the FontParser component.

A buffer overflow vulnerability has been identified in the ImageIO component of Apple iOS, iPadOS, and macOS. This vulnerability arises from improper memory handling when processing maliciously crafted images, potentially leading to arbitrary code execution. The issue has been addressed in multiple recent updates, including iOS 16.6.1, iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, and macOS Big Sur 11.7.10. Apple is aware of reports suggesting that this vulnerability may have been actively exploited.

A validation issue in the Wallet application on Apple devices can lead to arbitrary code execution. This vulnerability affects iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2. The issue arises from improper handling of attachments, which could be exploited to execute malicious code. Apple is aware of reports suggesting that this vulnerability may have been actively exploited.

A vulnerability exists in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. It could allow an unauthenticated, remote attacker to perform a brute force attack to identify valid username and password combinations. Additionally, an authenticated, remote attacker could misuse this vulnerability to establish a clientless SSL VPN session with an unauthorized user. This issue arises from improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. Exploitation involves specifying a default connection profile or tunnel group while conducting a brute force attack or when using valid credentials to establish a clientless SSL VPN session. Successful exploitation could enable an attacker to identify valid credentials for unauthorized remote access VPN sessions or, in the case of Cisco ASA Software Release 9.16 or earlier, to establish an unauthorized clientless SSL VPN session.

A stored cross-site scripting vulnerability has been identified in the Font Awesome 4 Menus plugin for WordPress, affecting versions through 4.7.0. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the 'fa' and 'fa-stack' shortcodes. This vulnerability allows authenticated attackers with contributor-level or higher permissions to inject arbitrary web scripts into pages, which are executed when users access the affected pages.

A vulnerability allowing PHP external variable modification has been identified in Juniper Networks Junos OS, specifically on EX Series and SRX Series devices. This vulnerability allows an unauthenticated, network-based attacker to remotely execute code by manipulating the PHP execution environment. The issue arises from the J-Web component, where attackers can send crafted requests that modify important environment variables, particularly PHPRC. This modification enables the injection and execution of arbitrary code. The vulnerability affects all versions prior to 20.4R3-S9, as well as specific 21.x, 22.x, and 23.2 versions, with the exception of certain patched releases.

A PHP external variable modification vulnerability has been identified in Juniper Networks Junos OS on EX Series switches. This vulnerability allows an unauthenticated, network-based attacker to manipulate important PHP environment variables. By sending a crafted request, an attacker can modify these variables, leading to a partial loss of integrity, which may be exploited in conjunction with other vulnerabilities. The issue affects all versions of Junos OS on EX Series prior to 20.4R3-S9, as well as specific 21.x, 22.x, and 23.2 versions.

A vulnerability in the WebKit component of multiple Apple products, including macOS Monterey, iOS, iPadOS, tvOS, and watchOS, allows for arbitrary code execution. This issue arises from improper memory handling, which could be exploited by processing maliciously crafted web content or images.

A reflected cross-site scripting vulnerability has been identified in the AGP Font Awesome Collection WordPress plugin, affecting versions through 3.2.4. This vulnerability allows unauthenticated users to inject malicious scripts that could be executed when visitors access the compromised site.

A vulnerability in the Cloudflare WARP client for Windows, prior to version 2023.7.160.0, allows interception of DNS queries under certain network conditions. While the client typically assigns loopback IPv4 addresses for DNS servers, it instead assigns Unique Local Addresses for IPv6 when connected to an IPv6-capable network. This could potentially direct DNS queries to unknown devices on the local network, enabling an attacker to monitor the DNS requests. The issue arises when the device is connected to a rogue Wi-Fi network that supports IPv6 and assigns the same IPv6 address as the WARP client uses for its DNS server.

A vulnerability in Discourse prior to version 3.1.0.beta7 in the 'beta' and 'tests-passed' branches allows for the reuse of Content Security Policy (CSP) nonces. This issue could enable cross-site scripting (XSS) attacks to bypass CSP protections for anonymous users. While no XSS vectors are currently known, the vulnerability could be exploited if such a vector were discovered. The stable branch of Discourse is not affected by this vulnerability.

A vulnerability exists across various Apple operating systems, including iOS, iPadOS, macOS, tvOS, and watchOS, allowing apps to modify sensitive kernel state. This issue has been reported to have been actively exploited in versions of iOS prior to 15.7.1.

A vulnerability in WebKit, the rendering engine used by Safari and other applications, allows for arbitrary code execution when processing maliciously crafted web content. This issue affects multiple Apple products, including iOS, iPadOS, macOS Ventura, Safari, and tvOS. The vulnerability arises from insufficient checks in WebKit's handling of web content, which could lead to memory corruption and exploitation. Apple is aware of reports suggesting that this vulnerability may have been actively exploited.

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WP Engine PHP Compatibility Checker plugin for WordPress, affecting versions 1.5.2 and prior. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.

A cross-site scripting vulnerability has been identified in the GoogleAnalyticsMetrics extension for MediaWiki, affecting versions through 1.39.3. The issue arises because the googleanalyticstrackurl parser function fails to properly escape JavaScript in the onclick handler and does not block the use of javascript: URLs. This oversight allows for the injection of malicious JavaScript, which could be executed in the context of the user's browser.

A type confusion vulnerability has been identified in WebKit, the rendering engine used by Apple Safari and other applications that process HTML. This vulnerability is present in multiple Apple products, including iOS 16.5.1, iPadOS 16.5.1, iOS 15.7.7, iPadOS 15.7.7, macOS Ventura 13.4.1, and Safari 16.5.1. The vulnerability arises from inadequate checks when processing maliciously crafted web content, which may lead to arbitrary code execution. Notably, this issue may have been actively exploited in the wild.

A memory corruption vulnerability has been identified in the WebKit component of multiple Apple products, including macOS Ventura, iOS 16.4, iPadOS 16.4, and iOS 15.7.7 and iPadOS 15.7.7. This vulnerability arises from improper state management when processing web content, which may lead to arbitrary code execution. Notably, there are reports suggesting that this issue may have been actively exploited in the wild on certain versions of iOS prior to 15.7.

A vulnerability exists in multiple Apple products, including iOS, iPadOS, macOS, and watchOS, due to an integer overflow that was not properly validated. This flaw could enable an application to execute arbitrary code with kernel privileges. Apple has acknowledged reports of this vulnerability being actively exploited in versions of iOS prior to 15.7.

A vulnerability in WebKit, the engine used by Apple Safari and other applications for HTML processing, allows remote attackers to escape the Web Content sandbox. This issue affects multiple Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. The vulnerability was addressed with improved bounds checks, but not before it was reported to have been actively exploited.

A use-after-free vulnerability has been identified in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. This vulnerability arises from improper memory management, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. The issue has been addressed in the latest versions of these operating systems and applications.

A vulnerability allowing an out-of-bounds read has been identified in the WebKit component used by multiple Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. This vulnerability arises from insufficient input validation, which can lead to the unintentional disclosure of sensitive information when processing maliciously crafted web content. The issue has been addressed in the latest versions of these operating systems and applications.

A reflected cross-site scripting vulnerability has been identified in the WordPress Continuous Image Carousel With Lightbox plugin, affecting versions through 1.0.15. This vulnerability allows attackers to inject malicious scripts that could be executed when users visit the affected site.

A stored cross-site scripting vulnerability has been identified in the WPBakery Page Builder plugin for WordPress, affecting versions prior to 6.13.0. This vulnerability allows authenticated users with contributor privileges or higher to inject malicious scripts that will be executed when visitors access the affected site.

A vulnerability in the Cloudflare WARP client for Windows, in versions prior to 2023.3.381.0, allowed remote access to the warp-svc.exe binary. This issue arose from inadequate access control on an IPC Named Pipe, enabling attackers to send WARP connect and disconnect commands, as well as retrieve network diagnostics and application configuration from the victim's device. Exploitation required the target device to be accessible on port 445, to permit NULL session authentication, or to have knowledge of the target's credentials.

A stored cross-site scripting vulnerability has been identified in the Responsive Tabs For WPBakery Page Builder WordPress plugin, affecting versions through 1.1. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with a contributor role or higher to execute stored cross-site scripting attacks.

A Cross-Site Request Forgery (CSRF) vulnerability exists in the HasThemes HT Easy GA4 (Google Analytics 4) WordPress plugin, affecting versions through 1.0.6. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.

A reflected cross-site scripting vulnerability has been identified in the Team Circle Image Slider With Lightbox plugin for WordPress, affecting versions through 1.0.17. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if a user is tricked into clicking a link.

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Conlabz GmbH WP Google Tag Manager plugin for WordPress, affecting versions 1.1 and prior. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.

A remote command injection vulnerability has been identified in the Barracuda Email Security Gateway (ESG) appliance, affecting versions 5.1.3.001 prior to 9.2.0.006. The vulnerability arises from improper input validation of user-supplied .tar files, specifically regarding the names of the files within the archive. This flaw allows remote attackers to craft file names that, when processed, execute system commands using Perl's qx operator, with the same privileges as the Barracuda Email Security Gateway. This vulnerability was exploited to gain unauthorized access to some ESG appliances, leading to the deployment of persistent backdoors via a trojanized module named SALTWATER, according to Barracuda and Mandiant.

A remote code execution vulnerability exists in Apache RocketMQ versions 5.1.0 and prior, as well as in versions through 4.9.5. This vulnerability arises from several components, including NameServer, Broker, and Controller, being exposed to the extranet without proper permission verification. Attackers can exploit this flaw by using the update configuration function to execute commands as the system user under which RocketMQ is running. Additionally, the vulnerability can be exploited by forging content that adheres to the RocketMQ protocol.

A Cross-Site Request Forgery (CSRF) vulnerability exists in the SlickRemix Feed Them Social plugin for WordPress, specifically in versions through 3.0.2. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.

A reflected cross-site scripting vulnerability has been identified in the Video Carousel Slider with Lightbox plugin for WordPress, affecting versions through 1.0.22. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts via the search_term parameter. These scripts could be executed if a user is tricked into clicking a link.

A buffer under-read vulnerability has been identified in the FormData API of Cloudflare Workerd, prior to version v1.20230419.0. This vulnerability arises from an integer overflow issue that occurs when a FormData instance contains more than 2^31 elements. In such cases, the forEach() method may read from incorrect memory locations during iteration, potentially leading to a segmentation fault or arbitrary undefined behavior. Although this vulnerability was not exploitable on the Cloudflare Workers platform, it could theoretically be exploited on workerd deployments on machines with substantial memory. To exploit this vulnerability remotely, an attacker would need to upload a form-encoded HTTP request of several gigabytes, which would then be parsed and iterated over using request.formData() and formData.forEach().

A reflected cross-site scripting vulnerability has been identified in the WP Engine Advanced Custom Fields Pro and Free plugins, affecting versions 6.1.5 and prior. This vulnerability allows unauthenticated users to inject malicious scripts that could be executed by users with administrative privileges, potentially leading to the theft of sensitive information or privilege escalation on the WordPress site.

A stored cross-site scripting vulnerability has been identified in the Mega Addons For WPBakery Page Builder WordPress plugin, affecting versions prior to 4.3.0. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with contributor roles and above to inject malicious scripts that are executed when the content is viewed.

A stored cross-site scripting vulnerability has been identified in the Ultimate Carousel for WPBakery Page Builder WordPress plugin, affecting versions through 2.6. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with a contributor role or higher to execute stored cross-site scripting attacks.

A session validation vulnerability has been identified in Apache Superset versions prior to and including 2.0.1. The issue arises in installations that have not changed the default SECRET_KEY, which is used to sign session cookies and encrypt sensitive database information. This vulnerability allows an attacker to authenticate and access unauthorized resources. However, it does not impact Superset administrators who have modified the SECRET_KEY as recommended. All Superset installations should set a unique, secure, random SECRET_KEY.

A local file inclusion (LFI) vulnerability has been identified in the Pricing Tables for WPBakery Page Builder WordPress plugin, affecting versions prior to 3.0. The vulnerability arises because the plugin fails to properly validate certain shortcode attributes before using them to generate file paths for include functions. This oversight allows authenticated users, including subscribers, to exploit the vulnerability and perform LFI attacks.

A stored cross-site scripting vulnerability has been identified in the Pricing Tables for WPBakery Page Builder WordPress plugin, affecting versions prior to 3.0. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on a page or post. This flaw enables users with a contributor role or higher to execute stored cross-site scripting attacks.

A cross-site scripting vulnerability has been identified in the Google Analytics Top Content Widget Plugin for WordPress, affecting versions prior to 1.5.6. The issue arises from an unknown functionality in the file class-tgm-plugin-activation.php, allowing remote attackers to inject malicious scripts.

A vulnerability allowing an out-of-bounds write has been identified in the IOSurfaceAccelerator component of Apple iOS, iPadOS, and macOS. This issue could enable an application to execute arbitrary code with kernel privileges. The vulnerability arises from insufficient input validation. Apple has acknowledged reports of active exploitation of this vulnerability.

A use-after-free vulnerability has been identified in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS Ventura, and Safari. This vulnerability arises from improper memory management, which can be exploited by processing maliciously crafted web content, leading to arbitrary code execution. Apple is aware of reports suggesting that this vulnerability may have been actively exploited.

A reflected cross-site scripting vulnerability has been identified in the WordPress Amazon S3 Plugin, affecting versions prior to 1.6. The issue arises because the plugin fails to properly sanitize and escape a parameter before displaying it on the page. This vulnerability could be exploited against users with high privileges, such as administrators.

A reflected cross-site scripting vulnerability has been identified in the I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin for WordPress, affecting versions through 1.0.15. This vulnerability allows attackers to inject malicious scripts that could be executed when users visit the affected site.