CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
TinyMCE Shortcode Addon Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the TinyMCE Shortcode Addon plugin for WordPress, affecting all versions through 1.0.0. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages. These scripts execute when a user views the affected page.
FV Flowplayer Video Player Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the FV Flowplayer Video Player plugin for WordPress, affecting all versions through 7.5.49.7212. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts into comments. These scripts are executed when users access the affected pages. Exploitation requires the 'Parse Vimeo and YouTube links' setting to be enabled and for the injected comment to be approved by an administrator before the script is executed publicly.
Enable Media Replace Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Enable Media Replace plugin for WordPress, affecting all versions through 4.1.8. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Author-level access or higher to inject arbitrary web scripts via the 'location_dir' parameter. These scripts are executed when a user accesses the compromised page.
Dcat-Admin Unrestricted File Upload Vulnerability in User Settings Page
A file upload vulnerability allowing unrestricted file types has been identified in Dcat-Admin versions through 2.2.3-beta. The issue resides in the User Setting Page, specifically within the editorMDUpload function of the file /admin/dcat-api/editor-md/upload. This vulnerability can be exploited remotely, as the upload request lacks proper security checks, enabling the execution of arbitrary PHP code on the server.
TOTOLINK EX200 vsftpd Configuration Least Privilege Violation Vulnerability
A vulnerability has been identified in the TOTOLINK EX200 router, specifically in version 4.0.3c.7646. The issue arises from an unknown function in the vsftpd configuration file, /etc/vsftpd.conf, which leads to a least privilege violation. This vulnerability can be exploited remotely, and the exploit has been made public.
Dolibarr ERP CRM Improper Authorization Vulnerability in Legacy Filemanager Component
An improper authorization vulnerability has been identified in Dolibarr ERP CRM versions prior to 23.0.2. The issue resides in an unknown function within the file 'htdocs/core/filemanagerdol/connectors/php/config.inc.php', part of the Legacy Filemanager component. This vulnerability allows remote exploitation, as the affected function can be accessed without proper authorization. The exploit is publicly available.
DTStack Taier Authentication Bypass Vulnerability Leading to Unauthenticated Remote Code Execution
An authentication bypass vulnerability has been identified in DTStack Taier versions through 1.4.0. The issue resides in the LoginInterceptor component, specifically within the preHandle function. This vulnerability allows unauthenticated users to execute arbitrary code on the server with root privileges. The exploitation process involves bypassing authentication, injecting malicious JDBC URLs, and leveraging vulnerable PostgreSQL JDBC driver versions to execute commands remotely.
Accordions WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Accordions plugin for WordPress, affecting all versions through 2.3.23. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Custom-level access and above to inject arbitrary scripts into the Accordion body field. These scripts are executed when users access the affected pages.
Rapid7 Velociraptor YAML Injection Vulnerability in Remapping Artifact Allowing Arbitrary VQL Execution
A YAML injection vulnerability has been identified in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor, affecting versions prior to 0.76.6. The vulnerability arises because the hostname field in client_info.json, located within a collection ZIP, is inserted into a YAML template using Go's text/template without proper escaping. An attacker can exploit this by crafting a collection ZIP that includes literal double quotes and newlines in the hostname, breaking out of the YAML quoted string and injecting a new mount remapping entry. When the injected remapping file is applied with the --remap option, it executes arbitrary VQL on the analyst's machine with NullACLManager, granting all permissions without sandboxing.
SAP Wily Introscope Enterprise Manager Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in SAP Wily Introscope Enterprise Manager. This issue allows an unauthenticated attacker to create a specially crafted URL that, under certain conditions, could execute an injected script in the context of the user's browser within the application. The vulnerability has a low impact on the application's confidentiality and integrity, with no effect on availability.
SAP Business Objects Business Intelligence Platform Email Spoofing Vulnerability
An email spoofing vulnerability exists in SAP Business Objects Business Intelligence Platform due to inadequate validation of email sending parameters from authenticated users. This issue allows for the manipulation of email headers, potentially leading to unauthorized email representation. While the vulnerability has a low impact on integrity, it does not compromise the application's confidentiality or availability.
SAP Operational Data Provisioning ODP-RFC Caller Identification Vulnerability
A vulnerability exists in the Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC). These modules lack proper identification of permitted SAP-internal applications, allowing customer or third-party applications to use them in unintended ways. This could result in unauthorized data disclosure, although it does not compromise data integrity and only minimally impacts application availability.
SAP Application Server ABAP Privilege Escalation Vulnerability via Inadequate Authorization Checks
A vulnerability in the SAP Application Server ABAP has been identified, where the application fails to implement necessary authorization checks for authenticated users. This flaw allows an attacker to execute a report generation command that could overwrite information belonging to another user, leading to unauthorized privilege escalation. The vulnerability has a high impact on data integrity, a low impact on availability, and no impact on confidentiality.
SAP MDG Review Match Groups Application Privilege Escalation Vulnerability
A vulnerability in SAP Master Data Governance (MDG) within the Review Match Groups Application has been identified, where the application fails to implement proper authorization checks for authenticated users. This oversight could enable a low-privileged user to execute actions that are typically restricted, leading to unauthorized privilege escalation. While this vulnerability has a low impact on data integrity, it does not affect confidentiality or availability.
SAP NetWeaver Application Server ABAP and ABAP Platform Signed XML Modification Vulnerability
A vulnerability exists in SAP NetWeaver Application Server ABAP and ABAP Platform, allowing an authenticated attacker with normal privileges to modify signed XML documents. The attacker can obtain a valid signed message, alter the identity information, and send it to the verifier. This manipulation may lead to unauthorized access to sensitive user data and disrupt normal system operations, significantly impacting the application's confidentiality, integrity, and availability.
SAP NetWeaver JAVA JDBC Test Servlet Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the JDBC Test Servlet of SAP NetWeaver JAVA. This vulnerability allows an unauthenticated attacker to create a URL containing a malicious script. When a victim clicks on this link, the injected script is executed in the context of the victim's browser. This could enable the attacker to access or modify information related to the web client, thereby compromising the application's confidentiality and integrity, although it does not affect availability.
SAP S/4HANA SQL Injection Vulnerability in Remote-Enabled Function Module
A SQL injection vulnerability has been identified in SAP S/4HANA (On-Premise) within a remote-enabled function module component. This vulnerability could be exploited by an authenticated attacker to execute unauthorized database queries, potentially exposing sensitive information that should otherwise remain confidential. The flaw significantly impacts data confidentiality, with no effects on the application's integrity or availability.
SAP Business Objects Sensitive Information Disclosure Vulnerability
A vulnerability exists in SAP Business Objects applications that allows unauthorized attackers to access a specific endpoint and retrieve sensitive information. This issue has a low impact on data confidentiality, with no effects on the application's integrity or availability.
SAP NetWeaver Application Server Java Path Traversal Vulnerability Allowing File Inclusion
A vulnerability in SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to send a malicious HTTP logon request that manipulates file inclusion parameters. This exploitation enables path traversal and the processing of the included file. Such processing could lead to unauthorized viewing or modification of sensitive information or cause disruption to local system availability.
SAP NetWeaver and ABAP Platform Improper RFC Protocol Validation Vulnerability Leading to Memory Corruption
A vulnerability exists in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform. This issue arises from improper validation of the Remote Function Call (RFC) protocol, allowing an unauthenticated attacker to send a crafted RFC request. The exploitation of this vulnerability takes advantage of logical errors in memory management, resulting in memory corruption. Such corruption could significantly impact the application's confidentiality, integrity, and availability.
SAP Fiori Launchpad Credential Theft Vulnerability via Malicious URLs
A vulnerability in SAP Fiori Launchpad allows attackers to create malicious URLs that trigger arbitrary service calls within the Fiori domain. When these URLs are opened by users, they could lead to the theft of user credentials, compromising accounts. Exploitation of this vulnerability requires advanced knowledge of the system, resulting in a low impact on confidentiality and integrity, with no effect on availability.
Google Chrome Guest View UI Spoofing Vulnerability
A UI spoofing vulnerability has been identified in Google Chrome in the Guest View feature, in versions prior to 149.0.7827.103. This vulnerability allows remote attackers to manipulate user interface elements through a specially crafted HTML page.
Google Chrome Tracing Use-After-Free Vulnerability Allowing Sandbox Escape
A use-after-free vulnerability has been identified in the Tracing component of Google Chrome. This issue affects versions prior to 149.0.7827.103. The vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page.
Google Chrome Bluetooth Use-After-Free Vulnerability Allowing Heap Corruption Exploitation on Mac
A use-after-free vulnerability has been identified in the Bluetooth component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to potentially exploit heap corruption by using a crafted HTML page.
Google Chrome Sandbox Escape Vulnerability via Untrusted Input Validation in UI
A vulnerability in Google Chrome prior to 149.0.7827.103 allows remote attackers to potentially escape the sandbox by exploiting insufficient validation of untrusted input in the user interface. This issue was reported by Google.
Google Chrome Uninitialized Use Vulnerability in Video Component Allowing Information Disclosure
A vulnerability allowing uninitialized use in the video component of Google Chrome on Windows has been identified. This issue, present in versions prior to 149.0.7827.103, could enable a remote attacker who has compromised the renderer process to access potentially sensitive information from process memory. The exploitation would occur through a crafted HTML page.
Google Chrome Passwords Cross-Origin Data Leak Vulnerability
A vulnerability in the Passwords feature of Google Chrome, in versions prior to 149.0.7827.103, allowed remote attackers to leak cross-origin data through a specially crafted HTML page. This issue arises from inappropriate implementation in the handling of passwords.
Google Chrome Use-After-Free Vulnerability in Service Worker Allowing Arbitrary Code Execution
A use-after-free vulnerability has been identified in the Service Worker component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows a remote attacker who has compromised the renderer process to execute arbitrary code within a sandboxed environment, by delivering a crafted HTML page.
Google Chrome Site Isolation Bypass Vulnerability in Plugins
A vulnerability in the Plugins component of Google Chrome, in versions prior to 149.0.7827.103, allowed remote attackers to bypass site isolation. This was achieved through a crafted HTML page that exploited an inappropriate implementation, targeting the renderer process.
Google Chrome Use-After-Free Vulnerability in Read Anything Component Allowing Sandbox Escape
A use-after-free vulnerability has been identified in Google Chrome's Read Anything feature, in versions prior to 149.0.7827.103. This vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by using a crafted HTML page.
Google Chrome New Tab Page Cross-Origin Data Leak Vulnerability
A vulnerability in Google Chrome's New Tab Page, present in versions prior to 149.0.7827.103, allowed remote attackers to leak cross-origin data. This was possible due to insufficient validation of untrusted input, which could be exploited through a crafted HTML page, potentially compromising the renderer process.
Google Chrome Media Out-of-Bounds Read and Write Vulnerability Allowing Arbitrary Code Execution
A vulnerability allowing out-of-bounds read and write operations in the Media component of Google Chrome on Mac, prior to version 149.0.7827.103, has been identified. This vulnerability could enable a remote attacker, who has compromised the renderer process, to execute arbitrary code within a sandboxed environment by using a specially crafted HTML page.
Google Chrome Passwords Component Site Isolation Bypass Vulnerability
A vulnerability in the Passwords component of Google Chrome, in versions prior to 149.0.7827.103, allowed remote attackers to bypass site isolation. This was achieved through insufficient policy enforcement, enabling exploitation via a crafted HTML page that compromised the renderer process.
Google Chrome SVG Inappropriate Implementation Vulnerability Allowing Arbitrary Code Execution
A vulnerability exists in Google Chrome in the SVG component, prior to version 149.0.7827.103, that allows remote attackers to execute arbitrary code within a sandboxed environment by using a specially crafted HTML page. This issue arises from an inappropriate implementation in the handling of SVG.
Google Chrome Dawn Use-After-Free Vulnerability Allowing Heap Corruption Exploitation on Mac
A use-after-free vulnerability has been identified in the Dawn component of Google Chrome for Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to potentially exploit heap corruption by using a crafted HTML page.
Google Chrome Dawn Cross-Origin Data Leak Vulnerability on macOS
A vulnerability in the Dawn component of Google Chrome on macOS, in versions prior to 149.0.7827.103, allowed a remote attacker to leak cross-origin data. This was possible due to insufficient validation of untrusted input, which could be exploited through a crafted HTML page, by a remote attacker who had compromised the renderer process.
Google Chrome MediaCapture Cross-Origin Data Leak Vulnerability on Mac
A vulnerability in the MediaCapture component of Google Chrome on Mac, in versions prior to 149.0.7827.103, allowed remote attackers to leak cross-origin data by using a specially crafted HTML page. This issue was due to inappropriate implementation in the way media capture handled data validation.
Google Chrome Network Insufficient Policy Enforcement Cross-Origin Data Leak Vulnerability
A vulnerability in Google Chrome's Network component, in versions prior to 149.0.7827.103, allowed remote attackers to leak cross-origin data. This was achieved by compromising the utility process and using a crafted HTML page, exploiting insufficient policy enforcement.
Google Chrome WebCodecs Use-After-Free Vulnerability Allowing Arbitrary Code Execution
A use-after-free vulnerability has been identified in the WebCodecs component of Google Chrome. This issue affects versions prior to 149.0.7827.103 and allows remote attackers to execute arbitrary code within a sandboxed environment by using a crafted HTML page.
Google Chrome Views Component Sandbox Escape Vulnerability on Linux
A vulnerability in the Views component of Google Chrome on Linux, in versions prior to 149.0.7827.103, allowed a remote attacker who had compromised the renderer process to potentially escape the sandbox by using a crafted HTML page. This issue was due to inappropriate input validation in the affected component.
Google Chrome Ozone Use-After-Free Vulnerability Allowing Heap Corruption on Linux
A use-after-free vulnerability has been identified in the Ozone component of Google Chrome on Linux, affecting versions prior to 149.0.7827.103. This vulnerability could allow a remote attacker to exploit heap corruption by sending a crafted HTML page.
Google Chrome Media Use-After-Free Vulnerability Allowing Arbitrary Code Execution
A use-after-free vulnerability has been identified in the Media component of Google Chrome on Windows, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code within a sandboxed environment by using a crafted HTML page.
Google Chrome Codecs Use-After-Free Vulnerability Allowing Sandbox Escape
A use-after-free vulnerability has been identified in the Codecs component of Google Chrome for Windows, affecting versions prior to 149.0.7827.103. This vulnerability could allow a remote attacker who has compromised the renderer process to perform a sandbox escape via a crafted HTML page.
Google Chrome Integer Overflow Vulnerability in libyuv Allowing Memory Information Disclosure
An integer overflow vulnerability has been identified in the libyuv library used by Google Chrome. This issue affects Chrome versions prior to 149.0.7827.103. The vulnerability allows a remote attacker who has compromised the renderer process to access potentially sensitive information from process memory. Exploitation can be achieved through a crafted HTML page.
Google Chrome Race Condition in Network Component on Mac Allowing Sandbox Escape
A race condition vulnerability has been identified in Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allowed a remote attacker who had compromised the network process to potentially escape the sandbox by using a crafted HTML page.
Google Chrome Dawn Sandbox Escape Vulnerability on Linux and ChromeOS
A vulnerability in the Dawn component of Google Chrome on Linux and ChromeOS, prior to version 149.0.7827.103, allowed a remote attacker to potentially escape the sandbox by exploiting insufficient validation of untrusted input. This could be achieved through a crafted HTML page, targeting a compromised renderer process.
Google Chrome Skia Out-of-Bounds Read Vulnerability Allowing Cross-Origin Data Leak
A high-severity out-of-bounds read vulnerability has been identified in the Skia graphics library used by Google Chrome. This issue affects Chrome versions prior to 149.0.7827.103. The vulnerability allows a remote attacker, who has compromised the renderer process, to leak cross-origin data by using a specially crafted HTML page.
Google Chrome Use-After-Free Vulnerability in Guest View Allowing Arbitrary Code Execution
A use-after-free vulnerability has been identified in the Guest View component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code within a sandbox by using a specially crafted HTML page.
Google Chrome Use-After-Free Vulnerability in Interest Groups Allowing Arbitrary Code Execution
A use-after-free vulnerability has been identified in the Interest Groups feature of Google Chrome. This issue affects versions prior to 149.0.7827.103 and allows remote attackers to execute arbitrary code within a sandboxed environment by using a crafted HTML page.
