CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Advanced Custom Fields WordPress Plugin Select2 Dropdown XSS Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the Advanced Custom Fields (ACF) WordPress plugin, specifically in versions prior to 5.8.12. The issue arises from improper escaping of strings in Select2 dropdowns, which could be exploited to inject malicious scripts.
Apache Flink Directory Traversal Vulnerability Allowing Arbitrary File Read via REST API
A directory traversal vulnerability has been identified in Apache Flink versions 1.11.0, 1.11.1, and 1.11.2. This vulnerability allows attackers to read any file on the local filesystem of the JobManager through the REST interface, accessing files that are accessible by the JobManager process.
Pearson VUE Application Wrapper Privilege Escalation Vulnerability
A vulnerability in the Pearson VUE VTS Installer version 2.3.1911 allows local users to gain administrative privileges. This issue arises from the Application Wrapper component, which has an unquoted service path vulnerability and insecure file permissions in the 'C:\Pearson VUE' directory. The permissions grant full control to all users, enabling them to overwrite files and execute a Trojan horse application that could be run as the VUEService user, who has administrative rights.
DataTables.net Prototype Pollution Vulnerability
A prototype pollution vulnerability has been identified in all versions of the DataTables.net package. This issue arises from an incomplete fix for a previous vulnerability, allowing for the injection of properties into JavaScript object prototypes. Such pollution can be exploited to overwrite fundamental attributes, potentially leading to denial-of-service conditions or unauthorized code execution.
Apache Struts Remote Code Execution Vulnerability via Forced OGNL Evaluation
A remote code execution vulnerability exists in Apache Struts versions 2.0.0 through 2.5.25. This issue arises from improper validation of user input in tag attributes, allowing for forced evaluation of Object-Graph Navigation Language (OGNL) expressions. When raw user input is evaluated, it can lead to arbitrary code execution on the server.
Apple Products Memory Initialization Vulnerability Allowing Kernel Memory Disclosure
A memory initialization vulnerability has been identified in the XNU kernel, affecting multiple Apple operating systems, including macOS Big Sur, High Sierra, Mojave, iOS 12.4.9, iOS 14.2, iPadOS 14.2, and watchOS 6.2.9. This vulnerability may allow a malicious application to disclose kernel memory, with reports of an active exploit.
Apple XNU Kernel Type Confusion Vulnerability Allowing Arbitrary Code Execution
A type confusion vulnerability has been identified in the XNU kernel's turnstile management, which could allow a malicious application to execute arbitrary code with kernel privileges. This vulnerability affects multiple Apple operating systems, including macOS Big Sur, High Sierra, Mojave, iOS 12, iOS 14, iPadOS 14, and various versions of watchOS. The issue arises from improper state handling, which has been addressed in the latest updates for each affected platform.
Apple Products Memory Corruption Vulnerability in FontParser Allowing Arbitrary Code Execution
A memory corruption vulnerability has been identified in the FontParser component of multiple Apple products, including macOS, iOS, iPadOS, and watchOS. This vulnerability allows for arbitrary code execution when processing maliciously crafted font files. It affects several different versions and ranges across these operating systems.
October CMS Twig Sandbox Bypass Vulnerability Allowing Arbitrary PHP Execution
A vulnerability exists in October CMS versions from 1.0.319 and prior to 1.0.469, allowing authenticated backend users with certain permissions to bypass the Twig sandbox and execute arbitrary PHP code. The issue applies when 'cms.enableSafeMode' is enabled, a setting that should prevent such actions. The vulnerability can be exploited by users with 'cms.manage_pages', 'cms.manage_layouts', or 'cms.manage_partials' permissions who are not trusted to write and execute PHP code. The problem has been addressed in versions 1.0.469 and 1.1.0.
October CMS Local File Inclusion Vulnerability
A local file inclusion vulnerability has been identified in October CMS versions from 1.0.421 and prior to 1.0.469. This vulnerability allows unauthenticated users to read local files on the server by sending a specially crafted request. The issue arises from inadequate validation of file paths in the Halcyon Builder component, which manages file queries and template rendering.
Drupal Core Improper Filename Sanitization Vulnerability Leading to Remote Code Execution
A remote code execution vulnerability exists in Drupal Core due to improper sanitization of certain filenames in uploaded files. This flaw allows files to be misinterpreted as different extensions, potentially leading to incorrect MIME types being served or files being executed as PHP, depending on the hosting configuration. The vulnerability affects multiple Drupal versions: 9.0 (prior to 9.0.8), 8.9 (prior to 8.9.9), 8.8 (prior to 8.8.11), and 7 (prior to 7.74).
WPBakery Plugin Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WPBakery plugin for WordPress, affecting versions prior to 6.4.1. This vulnerability allows authenticated users with contributor or author roles to inject malicious JavaScript into posts. The issue arises because the plugin disables WordPress's standard XSS protection for these user roles, enabling the injection of unfiltered HTML and JavaScript.
Apache Airflow Experimental API Authentication Bypass Vulnerability
A vulnerability exists in Apache Airflow versions prior to 1.10.11, where the Experimental API allowed unauthenticated access by default. This default setting posed security risks, as users could inadvertently make unprotected API requests. Although the default has been changed to deny all requests in version 1.10.11, existing users must manually update their configuration to reflect this change. The vulnerability can be exploited by creating a malicious DAG that executes arbitrary commands, leveraging the authentication bypass to gain unauthorized access.
Apple CFNetwork HSTS Bypass Vulnerability
A vulnerability exists in the CFNetwork component of multiple Apple products, including iOS, iPadOS, macOS, watchOS, and iTunes for Windows. This vulnerability allows an attacker in a privileged network position to bypass HTTP Strict Transport Security (HSTS) for certain top-level domains that are not included in the HSTS preload list. The issue arises from a configuration flaw that has now been addressed with additional restrictions.
Apple iOS, iPadOS, and macOS CoreFoundation Environment Variable Handling Vulnerability Allowing Information Disclosure
A vulnerability exists in the CoreFoundation component of Apple iOS 13.6, iPadOS 13.6, and macOS Catalina 10.15.6. The issue arises from improper handling of environment variables, which could allow a local user to access sensitive information. This vulnerability has been addressed with improved validation of environment variables.
Apple iOS, iPadOS, and tvOS Memory Corruption Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges
A memory corruption vulnerability has been identified in Apple iOS 13.6, iPadOS 13.6, and tvOS 13.4.8. This vulnerability allows an application to execute arbitrary code with kernel privileges. The issue was addressed by removing the vulnerable code.
Wiki.js Directory Traversal Vulnerability in Local Asset Caching Modules
A directory traversal vulnerability has been identified in Wiki.js versions prior to 2.5.151. This issue arises when a storage module with local asset cache fetching is enabled, such as the Local File System or Git modules. Under these conditions, a malicious user could craft a URL that exploits directory traversal, potentially allowing access to any file on the server's file system. This vulnerability could be exacerbated if no web application firewall, like Cloudflare, is in place to strip harmful URLs.
WordPress File Manager Plugin Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the WordPress File Manager plugin, specifically in versions 6.0 through 6.8. The issue arises because the plugin renames an example elFinder connector file to have a .php extension, allowing remote attackers to upload and execute arbitrary PHP code. Exploitation involves using the elFinder upload command to write PHP scripts into a directory where they can be executed.
Laravel Mass Assignment Vulnerability via JSON Column Nesting
A vulnerability exists in Laravel versions prior to 6.18.35 and in the 7.x branch prior to 7.24.0. The issue arises from improper handling of the $guarded property in certain situations involving requests with JSON column nesting expressions. This can lead to unexpected mass assignment of model attributes.
Laravel Mass Assignment Vulnerability Leading to Unvalidated Database Entries
A vulnerability exists in Laravel versions prior to 6.18.34 and in the 7.x branch prior to 7.23.2, allowing unvalidated data to be saved to the database under certain conditions. This issue arises during mass assignment when table names are automatically removed, creating a potential for unexpected values to be recorded without proper validation.
Lara Google Analytics WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Lara Google Analytics WordPress plugin, versions through 2.0.4. This vulnerability allows authenticated users to inject malicious scripts that are stored and executed later.
Hoosk Codeigniter CMS Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in Hoosk Codeigniter CMS versions prior to 1.7.2. This issue allows an attacker to trick an authenticated admin user into visiting a malicious webpage, where any user accounts could be deleted without the admin's consent.
vBulletin Remote Code Execution Vulnerability via Crafted subWidgets Data
A remote code execution vulnerability exists in vBulletin versions from 5.5.4 and prior to 5.6.2. This issue arises from an incomplete fix for a previous vulnerability (CVE-2019-16759) and allows execution of arbitrary PHP code through manipulated subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request.
Auth0 Node.js Client Library Authorization Header Sanitization Vulnerability
A vulnerability exists in the Auth0 Node.js client library (npm package) in versions prior to 2.27.1. The issue arises in Machine to Machine applications authorized to use Auth0's management API. When an error occurs, the Authorization header is not properly sanitized before being logged, potentially exposing bearer tokens. This vulnerability could be exploited if the logged token is intercepted or accessed by an unauthorized party.
Kramdown Template Option Processing Vulnerability Allowing File Read and Code Execution
A vulnerability exists in the kramdown gem, specifically in versions prior to 2.3.0, within the default processing of the 'template' option in Kramdown documents. This behavior can lead to unintended read access to sensitive files, such as '/etc/passwd', or unauthorized execution of embedded Ruby code. The vulnerability is triggered when the '{::options}' extension is used with the 'template' option, allowing crafted input to be processed in a way that could execute arbitrary code or access restricted files. Kramdown is a Markdown parser and converter written in Ruby, and this vulnerability affects multiple NetApp products that incorporate Ruby.
Apache Airflow Remote Code Execution Vulnerability in Example DAG
A remote code execution vulnerability has been identified in Apache Airflow versions 1.10.10 and prior. This issue arises from a command injection vulnerability in the 'example_trigger_target_dag' that is included with Airflow. It allows authenticated users to execute arbitrary commands as the user running the Airflow worker or scheduler, depending on the executor in use. However, if the 'load_examples' option is set to 'False' in the configuration, the vulnerability does not exist.
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
A vulnerability allowing limited information disclosure to low-privileged users exists in Citrix ADC and Citrix Gateway versions prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18. Additionally, several Citrix SD-WAN WANOP appliance models prior to 11.1.1a, 11.0.3d, and 10.2.7 are affected. The vulnerability arises from improper access control, which could be exploited to bypass authorization and access sensitive information.
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
An improper input validation vulnerability has been identified in Citrix ADC, Citrix Gateway, and certain Citrix SD-WAN WANOP appliance models. This vulnerability affects multiple versions of Citrix ADC and Citrix Gateway, as well as Citrix SD-WAN WANOP versions prior to 11.1.1a, 11.0.3d, and 10.2.7. The issue allows limited information disclosure to users with low privileges.
Citrix ADC, Gateway, and SD-WAN WAN-OP Authorization Bypass Vulnerability
A vulnerability allowing authorization bypass has been identified in Citrix ADC, Citrix Gateway, and certain Citrix SD-WAN WAN-OP appliance models. This vulnerability affects versions prior to Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, 10.5-70.18, as well as Citrix SD-WAN WAN-OP versions prior to 11.1.1a, 11.0.3d and 10.2.7. The issue allows unauthenticated access to specific URL endpoints, but exploitation requires access to the NetScaler IP (NSIP) management interface.
Caddy TLS Client Authentication Bypass Vulnerability
A vulnerability in Caddy web server versions prior to 0.10.13 allows for an authentication bypass in TLS client authentication. This issue arises from the absence of the StrictHostMatching mode, which is necessary to ensure proper client authentication handling. As a result, the vulnerability could be exploited to bypass authentication requirements under certain conditions.
Apple iOS, iPadOS, and watchOS Mail Memory Corruption Vulnerability
A memory corruption vulnerability has been identified in the Mail application on Apple iOS, iPadOS, and watchOS. This vulnerability allows heap corruption when processing maliciously crafted mail messages. It affects multiple versions of iOS and iPadOS, as well as watchOS 6.2.5 and 5.3.7.
Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability in Mail Processing
A vulnerability allowing out-of-bounds write operations has been identified in the Mail application across multiple Apple operating systems, including iOS 13.5, iPadOS 13.5, iOS 12.4.7, and watchOS 6.2.5. This vulnerability arises from insufficient bounds checking, which can be exploited by processing maliciously crafted mail messages. The exploitation of this vulnerability may lead to unexpected modifications in memory, application crashes, or heap corruption.
Angular.js Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Angular.js versions prior to 1.8.0. The issue arises from a regex-based HTML input replacement that can inadvertently convert sanitized code into an unsanitized form. This vulnerability can be exploited by wrapping '<option>' elements within '<select>' elements, which alters the way the code is parsed and potentially reintroduces harmful scripts.
Facade Ignition Laravel Global Variable Handling Vulnerability
A vulnerability exists in the Ignition component for Laravel, specifically in versions prior to 2.0.5 and in the 1.x series versions 1.16.15 and earlier. The issue arises from improper handling of global variables, including globals, _get, _post, _cookie, and _env. This mismanagement can lead to unintended consequences, although the specific impacts are not detailed.
Apple Multiple Products Code Execution Vulnerability
A memory consumption vulnerability allowing arbitrary code execution with kernel privileges has been identified in multiple Apple products, including iOS, iPadOS, macOS, watchOS, and tvOS. This issue arises from inadequate memory management, leading to excessive memory usage. The vulnerability has been addressed in iOS 13.5.1, iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, and watchOS 6.2.6.
Apache Kylin OS Command Injection Vulnerability
A command injection vulnerability has been identified in Apache Kylin versions 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, and 3.0.1. This vulnerability arises from certain RESTful APIs that concatenate user input with operating system commands, executing them on the server without proper validation. As a result, users may be able to execute arbitrary OS commands remotely.
jQuery Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in jQuery. This issue affects versions greater than or equal to 1.0.3 and prior to 3.5.0. The vulnerability arises when HTML containing <option> elements from untrusted sources is passed to jQuery's DOM manipulation methods, such as .html() or .append(). Even if the HTML is sanitized, it may still execute untrusted code. This vulnerability is particularly concerning because it can be exploited through common jQuery methods that manipulate the DOM.
Ceph Object Gateway Header-Splitting Vulnerability Leading to Cross-Site Scripting
A cross-site scripting (XSS) vulnerability has been identified in the Ceph Object Gateway (RADOS Gateway) within the Amazon S3 interface. This issue arises from the improper handling of untrusted input, allowing anonymous users to send requests that could be exploited to inject malicious scripts into objects. The vulnerability affects all versions of Ceph Object Gateway up to the latest release.
Divante Vue Storefront API and Storefront API Stack Trace Disclosure Vulnerability
A vulnerability exists in Divante vue-storefront-api versions through 1.11.1 and in storefront-api versions through 1.0-rc.1. When unexpected HTTP requests are received, the applications respond with an exception that reveals the error stack trace, including absolute file paths and Node.js module names. This issue was merged into the develop branch of both repositories.
Istio and Envoy Wildcard Certificate Misrouting Vulnerability
A vulnerability exists in Istio versions through 1.5.1 and Envoy versions through 1.14.1, related to improper handling of HTTP/2 connection reuse when wildcard certificates are involved. This issue can lead to misrouted requests and unintended data exposure between applications hosted on different subdomains but the same IP address. The problem arises when a connection established for a wildcard domain is reused for a specific subdomain, causing requests to be sent to the wrong application.
Snap Creek Duplicator WordPress Plugin Directory Traversal Vulnerability Allowing Arbitrary File Read
A directory traversal vulnerability has been identified in the Snap Creek Duplicator WordPress plugin, affecting versions prior to 1.3.28, as well as Duplicator Pro versions prior to 3.8.7.1. The vulnerability allows unauthenticated users to traverse directories using '../' sequences in the 'file' parameter of the 'duplicator_download' or 'duplicator_init' actions, leading to arbitrary file read with the privileges of the web server.
Auth0.js Information Disclosure Vulnerability in Error Object
A vulnerability exists in the Auth0.js library (NPM package auth0-js) in versions greater than 8.0.0 and prior to 9.12.3. When an authentication error occurs, the error object returned by the library includes the original user request, which may contain plaintext passwords. If this error object is exposed or logged without modification, there is a risk of password exposure.
Auth0 WordPress Plugin Insecure Direct Object Reference Vulnerability
An insecure direct object reference vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions through 3.11.3. This issue could allow users to access or manipulate objects they should not have permission to.
Auth0 WordPress Plugin CSV Injection Vulnerability
A CSV injection vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions through 3.11.3. The issue arises because the plugin's data fields, which source information from various origins, lack proper input validation and sanitization before user data is exported. This oversight can be exploited by uploading a crafted Excel document that injects malicious CSV data.
Auth0 WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions prior to 4.0.0. This vulnerability allows for the injection of malicious scripts that are executed on multiple pages within the WordPress site.
Auth0 WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Auth0 WordPress plugin, affecting versions prior to 4.0.0. The vulnerability resides within the settings page of the plugin, allowing attackers to inject malicious scripts that are executed when the page is viewed.
Auth0 WordPress Plugin Cross-Site Request Forgery Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in the Auth0 WordPress plugin, affecting versions prior to 4.0.0. The vulnerability arises in the domain field, where the plugin lacks proper CSRF controls, allowing unauthorized actions to be performed on behalf of the user.
F5 BIG-IP HTTP/3 QUIC Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in F5 BIG-IP version 15.1.0.1. When the HTTP/3 QUIC profile is enabled, specially formatted HTTP/3 messages can cause the Traffic Management Microkernel (TMM) to crash and produce a core file. This disruption may lead to a temporary failure in processing traffic, causing TMM to restart. In high availability configurations, this issue can trigger a failover to the standby host.
FrozenNode Laravel-Administrator Unrestricted File Upload Vulnerability Allowing Remote Code Execution
A vulnerability in FrozenNode Laravel-Administrator versions through 5.0.12 allows unrestricted file uploads, leading to remote code execution. The issue arises in the image upload feature of the admin tips module, where PHP code can be embedded within a GIF image file with a .php extension. Although the application attempts to block such uploads, this restriction can be easily bypassed by manipulating the file upload request.
CodeIgniter Privilege Escalation Vulnerability via Email ID Modification
A vulnerability in CodeIgniter through version 4.0.0 allows remote attackers to gain unauthorized privileges by altering the Email ID sent to the 'Select Role of the User' page. This issue is reportedly linked to a custom module or plugin rather than the CodeIgniter framework itself, as the framework does not provide built-in authentication or user management features.
