CVE-2024-4984 : YOAST SEO PLUGIN UP TO 22.6 ON WORDPRESS DISPLAY_NAME CROSS SITE SCRIPTING
Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all
In the realm of web security, the evolution of protocols brings both advancements and vulnerabilities. The HTTP/2 protocol, known for
Description The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard
Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with
Description There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code
Description An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow
Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be
Description IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker
Description Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management
Description Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an
Description image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). References https://github.com/spatie/image-optimizer/issues/210 https://github.com/spatie/image-optimizer/compare/1.7.2…1.7.3 https://github.com/spatie/image-optimizer/pull/211 For
Description Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects
In our interconnected digital era, endpoints represent the gateways to an organization’s digital assets. Unfortunately, they also stand as prime
Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more
Description Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the
Significant challenges have marked the cloud security landscape as organizations increasingly rely on cloud services. In 2023, 82% of data
Description Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections,
Description A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute
Description Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via
Description The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer
Description An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted
Description In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer
Description A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and