CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30555 – WordPress Ultimate Social Comments plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30555
29 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta Ultimate Social Comments – Email Notification & Lazy Load allows Stored XSS.This issue affects Ultimate Social Comments – Email Notification & Lazy Load: from n/a through 1.4.8. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Ultimate Social Comments – Email Notification & Lazy Load de Sayan Datta para WordPress permi... • https://patchstack.com/database/vulnerability/ultimate-facebook-comments/wordpress-ultimate-social-comments-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29804 – WordPress Fancy Comments WordPress plugin <= 1.2.14 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29804
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Team Heate o Fancy Comments WordPress permite XSS almacenado. Este problema afecta a Fancy Comments WordPress: desde n/a hasta 1.2.14. The Fancy Comments WordPre... • https://patchstack.com/database/vulnerability/fancy-facebook-comments/wordpress-fancy-comments-wordpress-plugin-1-2-14-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30180 – WordPress Easy Social Feed plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30180
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through 6.5.3. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Easy Social Feed permite XSS almacenado. Este problema afecta a Easy Social Feed: desde n/a hasta 6.5.3. The Easy Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Script... • https://patchstack.com/database/vulnerability/easy-facebook-likebox/wordpress-easy-social-feed-plugin-6-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23347
https://notcve.org/view.php?id=CVE-2024-23347
16 Jan 2024 — Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application. Antes de v176, al abrir un nuevo proyecto, Meta Spark Studio ejecutaba scripts definidos dentro de un archivo package.json incluido como parte de ese proyecto. Esos scripts tendrían la capacidad de ejecutar código arbitrario en el sistema como aplicación. • https://www.facebook.com/security/advisories/cve-2024-23347 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49062
https://notcve.org/view.php?id=CVE-2023-49062
28 Nov 2023 — Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f Katran podría revelar memoria del kernel no inicializada como parte d... • https://github.com/facebookincubator/katran/commit/6a03106ac1eab39d0303662963589ecb2374c97f • CWE-665: Improper Initialization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48740 – WordPress Easy Social Feed plugin <= 6.5.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-48740
23 Nov 2023 — Missing Authorization vulnerability in Easy Social Feed Easy Social Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Feed: from n/a through 6.5.1. The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_free_sidebar() function in versions up to, and including, 6.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss... • https://patchstack.com/database/wordpress/plugin/easy-facebook-likebox/vulnerability/wordpress-easy-social-feed-plugin-6-5-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5654
https://notcve.org/view.php?id=CVE-2023-5654
19 Oct 2023 — The React Developer Tools extension registers a message listener with window.addEventListener('message',
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 20%CPEs: 2EXPL: 2CVE-2023-45239 – Gentoo Linux Security Advisory 202402-13
https://notcve.org/view.php?id=CVE-2023-45239
06 Oct 2023 — A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. Existe una falta de validación de entrada en tac_plus antes del commit 4fdf178 que, cuando los comandos de autenticación previa o posterior están habilitados, permite a un atacante que puede controlar el nombre de usuari... • https://github.com/takeshixx/tac_plus-pre-auth-rce • CWE-790: Improper Filtering of Special Elements •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-30470
https://notcve.org/view.php?id=CVE-2023-30470
18 May 2023 — A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. • https://github.com/facebook/hermes/commit/da8990f737ebb9d9810633502f65ed462b819c09 • CWE-416: Use After Free •