CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Gallery Blocks with Lightbox WordPress Plugin Missing Authorization Vulnerability Allowing Arbitrary Options Update
A vulnerability exists in the Gallery Blocks with Lightbox WordPress plugin in versions prior to 3.0.8. The issue arises from an AJAX endpoint accessible to all authenticated users, including subscribers. This endpoint's callback function permits various actions, with the most critical being the ability to read and modify WordPress options. Exploiting this could enable registration of users with a default administrator role.
Angular Server-Side Configuration Information Disclosure Vulnerability in Monorepo with Node.js Backend
A critical information disclosure vulnerability has been identified in the 'angular-server-side-configuration' package, specifically in versions from 15.0.0 up to, but not including, 15.1.0. This vulnerability arises from the package's environment variable detection feature, which, in version 15.0.0, was expanded to search the entire project workspace. In a monorepo setup that includes a Node.js backend, this could result in unintended exposure of environment variables meant for the backend, by writing them to an 'ngssc.json' file. During deployment, these variables could be populated into the application's 'index.html' file, thereby exposing sensitive information. This vulnerability does not impact standard Angular projects without a backend component.
Cloudflare cloudflared Windows 32-bit Installer Privilege Escalation Vulnerability
A local privilege escalation vulnerability has been identified in the cloudflared installer for Windows 32-bit devices, affecting versions through 2023.3.0. The issue arises because the MSI installer was dependent on a world-writable directory, allowing a local attacker without administrative rights to exploit symbolic links. By creating a symlink from the writable directory to a target file, the attacker can manipulate the installer's repair function to delete or replace files in restricted locations, potentially compromising the device. It is important to note that this vulnerability does not impact the cloudflared client itself, only the installer for 32-bit Windows.
Sitecore XP/XM Unrestricted Language File Upload Vulnerability Leading to Code Execution
A vulnerability allowing unrestricted language file uploads has been identified in Sitecore XP/XM version 10.3. This issue arises from the import languages functionality, which can be exploited by authenticated users to upload arbitrary files, such as web shells, that facilitate direct code execution on the content management server.
DataTables jQuery Plugin Cross-Site Scripting Vulnerability
A Cross-Site Scripting (XSS) vulnerability exists in the DataTables jQuery plugin, specifically in version 1.9.2. This vulnerability allows attackers to execute arbitrary JavaScript by exploiting the sBaseName parameter in the _fnCreateCookie function. When this parameter is exposed, a malicious user can inject JavaScript code that gets executed in the context of the user's browser.
Metform Elementor Contact Form Builder reCaptcha Bypass Vulnerability
A vulnerability allowing reCaptcha bypass has been identified in the Metform Elementor Contact Form Builder plugin for WordPress, affecting versions through 3.2.1. The issue arises from inadequate server-side validation of the captcha response during form submissions. This flaw enables unauthenticated attackers to circumvent Captcha protections, potentially allowing bots to submit forms automatically.
Conversios All-in-One Google Analytics and Product Feed Manager for WooCommerce Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Conversios All-in-One Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin, affecting versions through 5.2.3. This vulnerability allows attackers to manipulate plugin settings by exploiting the absence of proper CSRF protections.
WP Meta SEO Missing Authorization Vulnerability in Options Update
A vulnerability exists in the WP Meta SEO plugin for WordPress, specifically in versions through 4.5.3. The issue arises from a missing capability check in the 'wpmsGGSaveInformation' function, allowing authenticated attackers with subscriber-level access to update the Google Analytics options managed by the plugin without authorization. This vulnerability stems from the plugin's reliance on nonce checks for access control, with the nonce being available to all authenticated users, regardless of their role.
Apple WebKit Type Confusion Vulnerability Allowing Arbitrary Code Execution
A type confusion vulnerability has been identified in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS, and Safari. This vulnerability allows for arbitrary code execution when processing maliciously crafted web content. Multiple versions and version ranges of these operating systems and applications are affected.
textAngular Copy-Paste Cross-Site Scripting Vulnerability
A copy-paste cross-site scripting (XSS) vulnerability has been identified in the textAngular editor for Angular.js, affecting versions through 1.5.16. This vulnerability requires the victim to be tricked into pasting a malicious payload into the editor.
Shortcode for Font Awesome WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Shortcode for Font Awesome WordPress plugin, affecting versions prior to 1.4.1. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with contributor roles and above to inject malicious scripts that are executed when the content is viewed.
WP Font Awesome WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WP Font Awesome WordPress plugin, affecting versions prior to 1.7.9. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with contributor roles and above to inject malicious scripts that are executed when the content is viewed.
HAProxy Request Smuggling Vulnerability Allowing Access Control Bypass
A request smuggling vulnerability has been identified in HAProxy versions prior to 2.7.3. This vulnerability may allow for a bypass of access control and routing rules by exploiting the HTTP/1 header parsing. The issue arises because the HAProxy HTTP header parsers can inadvertently accept empty header field names, leading to the unintentional loss of HTTP/1 headers in certain situations. As a result, some headers may disappear after being processed, creating opportunities to manipulate access controls. While the impact is limited for HTTP/2 and HTTP/3, where headers are discarded before processing, the vulnerability can still cause a denial-of-service by disrupting routing rules and access controls.
Extensive VC Addons for WPBakery Page Builder Unauthenticated Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in the Extensive VC Addons for WPBakery Page Builder WordPress plugin, affecting versions prior to 1.9.1. The vulnerability arises because the plugin fails to properly validate a parameter passed to the PHP extract function when loading templates. This lack of validation allows an unauthenticated attacker to manipulate the template path, potentially leading to the reading of arbitrary files from the host's file system. Furthermore, this file inclusion can be escalated to remote code execution by exploiting PHP filter chains.
Lightbox Gallery WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Lightbox Gallery WordPress plugin, affecting versions prior to 0.9.5. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with contributor roles and above to inject malicious scripts that are executed when the content is viewed.
Better Font Awesome WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Better Font Awesome WordPress plugin, affecting versions prior to 2.0.4. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on pages or posts. This flaw enables users with contributor roles and above to inject malicious scripts that are stored and executed later.
JSZip Directory Traversal Vulnerability Allowing Zip Slip Attacks
A directory traversal vulnerability has been identified in JSZip versions prior to 3.8.0. The issue arises in the 'loadAsync' function, where filenames are not properly sanitized when extracting files from a ZIP archive. This flaw makes the library susceptible to a Zip Slip attack, allowing an attacker to access files outside the intended directory, overwrite executable files, and execute arbitrary commands on the system.
Font Awesome WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Font Awesome WordPress plugin, affecting versions prior to 4.3.2. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on the page. This flaw enables users with a minimum role of contributor to execute stored cross-site scripting attacks against logged-in administrators.
WP Video Lightbox WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WP Video Lightbox WordPress plugin, affecting versions prior to 1.9.7. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on the page. This flaw enables users with a minimum role of contributor to execute stored cross-site scripting attacks, potentially targeting high-privilege users such as administrators.
MonsterInsights WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the MonsterInsights WordPress plugin, affecting versions prior to 8.9.1. The issue arises because the plugin fails to properly sanitize or escape page titles in the top posts/pages section. This flaw allows an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to Google Analytics.
Cloudflare WARP Client Privilege Escalation Vulnerability Allowing Arbitrary Executable Execution
A vulnerability in the Cloudflare WARP client for Windows, in versions through 2022.10.106.0, allows for privilege escalation and the execution of arbitrary executables on the local machine. This issue arises from the 'support_uri' parameter in the local settings file (mdm.xml), which lacked proper validation. An attacker with access to the local file system could craft an XML configuration file that points to a malicious file; for clients enrolled in Zero Trust, the same parameter could be set to a local executable path through the Cloudflare Zero Trust Dashboard.
Sterc Google Analytics Dashboard for MODX Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in Sterc Google Analytics Dashboard for MODX, affecting versions through 1.0.5. The issue arises in the Internal Search component, specifically within the file 'core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl'. This vulnerability allows for the execution of JavaScript in the dashboard widget by manipulating internal site search queries, which could be saved and later executed.
Responsive Lightbox2 WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Responsive Lightbox2 WordPress plugin, affecting versions prior to 1.0.4. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on the page. This flaw enables users with a minimum role of contributor to execute stored cross-site scripting attacks.
Apple WebKit Type Confusion Vulnerability Allowing Arbitrary Code Execution
A type confusion vulnerability has been identified in WebKit, the rendering engine used by Safari and other applications on iOS and macOS. This vulnerability allows maliciously crafted web content to be processed in a way that could lead to arbitrary code execution. The issue arises from improper handling of certain states, which can be exploited by attackers.
GitHub Enterprise Server Path Traversal Vulnerability in Pages Component Allows Remote Code Execution
A path traversal vulnerability has been identified in GitHub Enterprise Server 3.7.0, which allows remote code execution when building a GitHub Pages site. The vulnerability arises from improper validation of file paths, enabling arbitrary file overwrites. To exploit this issue, an attacker must have permission to create and build GitHub Pages on the affected instance.
Citrix ADC and Gateway Unauthenticated Remote Code Execution Vulnerability
A vulnerability allowing unauthenticated remote arbitrary code execution has been identified in Citrix Application Delivery Controller (ADC) and Citrix Gateway. This issue arises in configurations using SAML Service Provider or Identity Provider, where an authentication bypass allows attackers to execute code with administrative privileges.
pdfmake Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in pdfmake versions through 0.2.5. The issue arises from an unsafe evaluation of user-controlled input, allowing arbitrary code execution in the context of the process running pdfmake. This vulnerability is present in the 'dev-playground' feature, specifically within the '/pdf' endpoint of the server.js file.
Veeam Backup for Google Cloud Authentication Bypass Vulnerability
An authentication bypass vulnerability has been identified in Veeam Backup for Google Cloud, affecting versions 1.0 and 3.0. This vulnerability allows attackers to circumvent authentication mechanisms within the Backup Appliance component.
WordPress Theme and Plugin Translation for Polylang Missing Authorization Vulnerability
A vulnerability allowing authorization bypass has been identified in the WordPress plugin 'Theme and Plugin Translation for Polylang', in versions through 3.2.16. This vulnerability arises from inadequate capability checks in the 'process_polylang_theme_translation_wp_loaded()' function, enabling unauthenticated attackers to modify translation settings and import translation strings.
reCAPTCHA WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the reCAPTCHA WordPress plugin, affecting versions through 1.6. The issue arises because the plugin fails to properly sanitize and escape certain settings. This flaw enables high-privilege users, such as administrators, to execute stored XSS attacks, even in environments where the unfiltered_html capability is restricted, such as multisite setups.
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges
A vulnerability exists in the kernel of Apple iOS and iPadOS, specifically in versions prior to 15.7.1, 16.1, and 16. This out-of-bounds write issue allows applications to execute arbitrary code with kernel privileges. The vulnerability has been reported to be actively exploited.
Topdigitaltrends Mega Addons for WPBakery Page Builder Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Topdigitaltrends Mega Addons for WPBakery Page Builder plugin, specifically in versions 4.2.7 and prior. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
A vulnerability in the Apple kernel, present in iOS, iPadOS, and macOS, allows an application to execute arbitrary code with kernel privileges. This issue has been addressed with improved bounds checks. Apple is aware of reports that this vulnerability may have been actively exploited.
Slickr Flickr WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Slickr Flickr WordPress plugin, affecting versions through 2.8.1. The issue arises because the plugin fails to properly sanitize and escape its settings. This flaw allows high-privilege users, such as administrators, to execute cross-site scripting attacks, even when the unfiltered_html capability is not permitted.
Login No Captcha reCAPTCHA WordPress Plugin IP Check Bypass Vulnerability
A vulnerability exists in the Login No Captcha reCAPTCHA WordPress plugin in versions prior to 1.7. The issue arises because the plugin fails to properly validate IP addresses, allowing attackers to spoof whitelisted IPs and bypass captcha requirements on the login screen.
WordPress Better Font Awesome Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Better Font Awesome plugin for WordPress, specifically in versions through 2.0.1. This vulnerability allows an attacker to trick a user into performing actions they did not intend to, potentially leading to unauthorized changes or updates.
Panva JOSE Library PBKDF2-Based JWE Key Management Algorithm Resource Exhaustion Vulnerability
A resource exhaustion vulnerability has been identified in the Panva JOSE library, specifically in versions 1.28.1 prior to 1.28.2, 2.0.5, 3.20.3, and 4.9.1. The issue arises in the PBKDF2-based JWE key management algorithms, which require a JOSE Header Parameter named 'p2c' (PBES2 Count). This parameter dictates the number of PBKDF2 iterations to be performed when deriving a CEK wrapping key. While the 'p2c' parameter is intended to slow down key derivation and make password brute-force attacks more challenging, it creates a vulnerability when JWEs are received from untrusted sources. An adversary can exploit this by selecting a very high 'p2c' value, causing a CPU-bound operation that consumes excessive processing time. The vulnerability affects users who decrypt JWEs from untrusted parties using symmetric secrets, without properly managing the accepted JWE Key Management Algorithms.
Undertow Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in Undertow, affecting versions prior to 2.2.15. The issue arises when certain calls are made over HTTP/2, causing the client-side invocation timeout to be triggered. This flaw can be exploited by an attacker to disrupt service availability.
Apple iOS and macOS Out-of-Bounds Write Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges
A vulnerability exists in Apple iOS and macOS that involves an out-of-bounds write issue. This vulnerability has been addressed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. The issue allows an application to execute arbitrary code with kernel privileges. Apple is aware of reports suggesting that this vulnerability may have been actively exploited.
Apple WebKit Out-of-Bounds Write Vulnerability Allowing Arbitrary Code Execution
A vulnerability has been identified in the WebKit component of Apple iOS, iPadOS, macOS Monterey, and Safari. This vulnerability involves an out-of-bounds write issue that was addressed with improved bounds checking. However, processing maliciously crafted web content could still lead to arbitrary code execution. Apple is aware of reports that this vulnerability may have been actively exploited.
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability in URL Filtering
A vulnerability exists in Palo Alto Networks PAN-OS URL filtering policy that could enable a network-based attacker to perform reflected and amplified TCP denial-of-service (RDoS) attacks. This issue affects PA-Series hardware firewalls, VM-Series virtual firewalls, and CN-Series container firewalls. The vulnerability arises from a misconfiguration where a URL filtering profile with blocked categories is assigned to a source zone with an external facing interface. Such a configuration is atypical for URL filtering and is likely unintended. When exploited, the denial-of-service attack can obscure the attacker's identity, making it appear as though the Palo Alto firewall is the source of the attack.
F5 BIG-IP HTTP2 Profile Memory Resource Consumption Vulnerability Leading to Denial-of-Service
A vulnerability exists in F5 BIG-IP versions 16.1.x prior to 16.1.2.2, 15.1.x prior to 15.1.6.1, and 14.1.x prior to 14.1.5. When an HTTP2 profile is active on a virtual server, certain undisclosed traffic can unintentionally increase memory usage. This rise in memory consumption can degrade system performance, potentially causing the Traffic Management Microkernel (TMM) process to crash or require a manual restart. This issue represents a data plane problem, with no exposure to the control plane.
BxSlider WP Plugin Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the BxSlider WP plugin for WordPress, affecting versions through 2.0.0. This vulnerability allows authenticated users with contributor roles or higher to inject malicious scripts into the website, which could be executed when visitors view the site.
WP Video Lightbox WordPress Plugin Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the WP Video Lightbox WordPress plugin, affecting versions prior to 1.9.5. The issue arises because the plugin does not properly escape the $_SERVER['REQUEST_URI'] parameter before including it in an attribute. This flaw could be exploited in older web browsers.
jQuery UI Checkboxradio Widget Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in the jQuery UI Checkboxradio widget, affecting versions prior to 1.13.2. When a checkboxradio widget is initialized on an input within a label, the label's contents are treated as the input label. If the initial HTML includes encoded entities, calling '.checkboxradio("refresh")' will decode them, potentially leading to the execution of JavaScript. This vulnerability is particularly concerning if the label content is based on user input, as it could allow for the injection and execution of malicious scripts.
Atlassian Questions for Confluence Hard-Coded Credentials Vulnerability
A vulnerability exists in the Atlassian Questions for Confluence app, specifically for Confluence Server and Data Center. The app creates a user account named 'disabledsystemuser' in the 'confluence-users' group, using a hard-coded password. This allows remote, unauthenticated attackers who know the password to access Confluence content available to 'confluence-users' group members. The vulnerable versions are 2.7.34, 2.7.35, and 3.0.2.
Apache Spark Command Injection Vulnerability Allowing Arbitrary Command Execution
A command injection vulnerability has been identified in the Apache Spark UI, specifically in versions 3.0.3 and earlier, 3.1.1 to 3.1.2, and 3.2.0 to 3.2.1. This vulnerability arises when Access Control Lists (ACLs) are enabled through the configuration option 'spark.acls.enable'. In such cases, the 'HttpSecurityFilter' can be exploited by impersonating a user and injecting commands that are executed in the context of the user under which Spark is running. This issue was disclosed as CVE-2022-33891 and is being tracked as SPARK-38992.
Angular and AngularJS Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in all versions of Angular and AngularJS packages. This issue arises from insecure page caching in Internet Explorer, which permits the interpolation of <textarea> elements. As a result, an attacker could inject malicious scripts that are executed in the context of the user's browser.
AWS SDK for Java S3 Component Partial Path Traversal Vulnerability
A partial path traversal vulnerability has been identified in the AWS SDK for Java S3 component, specifically in version 1.12.260 and prior. The issue arises in the TransferManager's downloadDirectory method, where the validation of S3 object keys can be bypassed. This allows a knowledgeable actor to include a UNIX double-dot in the key, potentially retrieving a directory from their S3 bucket that is one level up in the filesystem from their current working directory. The vulnerability is limited to directories that match the specified destinationDirectory prefix. If this method is used to download contents from an untrusted bucket, files can be written outside the intended destination directory.
quic-go Denial-of-Service Vulnerability via Slowloris Variant in MTU Discovery
A denial-of-service vulnerability has been identified in quic-go versions through 0.27.0. This issue allows remote attackers to cause excessive CPU consumption by sending incomplete QUIC or HTTP/3 requests, exploiting a Slowloris-like technique. The vulnerability arises from a misinterpretation of the MTU Discovery service in the file mtu_discoverer.go, leading to an overflow of the probe timer.
