CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22324 – WordPress OZ Canonical plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22324
03 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andon Ivanov OZ Canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through 0.5. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Andon Ivanov OZ Canonical permite XSS reflejado. Este problema afecta a OZ Canonical: desde n/a hasta 0.5. The OZ Canonical plugin for WordPress is vulnerable to Reflected Cross-Site Sc... • https://patchstack.com/database/wordpress/plugin/oz-canonical/vulnerability/wordpress-oz-canonical-plugin-0-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6219
https://notcve.org/view.php?id=CVE-2024-6219
05 Dec 2024 — Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. • https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf • CWE-295: Improper Certificate Validation •
CVSS: 3.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6156
https://notcve.org/view.php?id=CVE-2024-6156
05 Dec 2024 — Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. • https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53907 – django: Potential denial-of-service in django.utils.html.strip_tags()
https://notcve.org/view.php?id=CVE-2024-53907
05 Dec 2024 — An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. A vulnerability was found in the Django Web Framework. The strip_tags() and stripbtags template filter may be vulnerable to a potential denial of service (DoS) in cases of a large sequence of nested incomplete HTML entities. jiang... • https://docs.djangoproject.com/en/dev/releases/security • CWE-770: Allocation of Resources Without Limits or Throttling CWE-1169: SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53908 – django: Potential SQL injection in HasKey(lhs, rhs) on Oracle
https://notcve.org/view.php?id=CVE-2024-53908
05 Dec 2024 — An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.) A vulnerability was found in the Django Web Framework. The direct usage of django.db.models.fields.json.HasKey may be vulnerable to SQL injection if untrusted data is used to... • https://docs.djangoproject.com/en/dev/releases/security • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-11704 – Gentoo Linux Security Advisory 202501-10
https://notcve.org/view.php?id=CVE-2024-11704
26 Nov 2024 — A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133. A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory co... • https://bugzilla.mozilla.org/show_bug.cgi?id=1899402 • CWE-415: Double Free •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-11694 – firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
https://notcve.org/view.php?id=CVE-2024-11694
26 Nov 2024 — Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5. Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and D... • https://bugzilla.mozilla.org/show_bug.cgi?id=1924167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11586
https://notcve.org/view.php?id=CVE-2024-11586
23 Nov 2024 — Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected. • https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-7730 – Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb()
https://notcve.org/view.php?id=CVE-2024-7730
14 Nov 2024 — A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero. • https://access.redhat.com/security/cve/CVE-2024-7730 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-52533 – glib: buffer overflow in set_connect_msg()
https://notcve.org/view.php?id=CVE-2024-52533
11 Nov 2024 — gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior. It was discovered that Glib incorrectly handled certain trailing characters. • https://gitlab.gnome.org/GNOME/glib/-/issues/3461 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-193: Off-by-one Error •