Aggregator

​Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users' browsing history through the previously visited links. [...]

A vulnerability classified as critical has been found in Perl up to 5.34.3/5.36.3/5.38.3/5.40.1. This affects the function S_do_trans_invmap. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-56406. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Link Whisper Free Plugin up to 0.6.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-27992. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in ExpressTech Quiz and Survey Master Plugin up to 8.2.2 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-27966. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in esphome 2021.9.2/2023.12.9. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-29019. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in webpack-dev-middleware up to 5.3.3/6.1.1/7.0.x. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-29180. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Data443 Tracking Code Manager Plugin up to 2.0.16 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2579. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WPCoder WP Coder Plugin up to 3.5 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2578. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in FunnelKit Automation by Autonami Plugin up to 2.8.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-2580. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Florian Krauthan wp-mpdf Plugin up to 3.7.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-27962. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in WPFunnels Team WPFunnels Plugin up to 3.0.6 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-27965. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Crisp Plugin up to 0.44 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-27963. It is possible to launch the attack remotely. There is no exploit available.

美国海关与边境保护局 (CBP) 周五晚上发布公告，宣布智能手机、电脑显示器、太阳能电池、硬盘、存储卡等共计 20 类产品将不受 125% 的新增进口关税影响。豁免的有效期追溯至 202 5年 4 月 5 日。苹果公司预计是免除关税的最大受益方，它今年早些时候承诺未来几年向美国投资 5000 亿美元。Wedbush Securities 估计，苹果约九成的 iPhone 生产和组装都在中国进行。Counterpoint Research 估计，苹果在美国拥有最多六周的库存。一旦库存耗尽，如果征收 145% 关税，iPhone 的价格可能会上涨。

Создатели платформы ловко обращают привычные технологии против нас.

A vulnerability was found in Optimole Super Page Cache for Cloudflare Plugin up to 4.7.5 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-27968. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Moodle 3.10.9. It has been rated as problematic. This issue affects some unknown processing of the component URL Parameter Handler. The manipulation of the argument lang leads to cross site scripting. The identification of this vulnerability is CVE-2024-29374. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Page Builder Plugin up to 1.8.4 on WordPress. Affected by this issue is some unknown functionality of the component Custom Attributes Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-2504. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Rank Math SEO with AI SEO Tools Plugin up to 1.0.214 on WordPress and classified as problematic. This issue affects some unknown processing of the component HowTo Block Attribute Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2536. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Getwid Plugin up to 2.0.5 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Block Content Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-1948. It is possible to launch the attack remotely. There is no exploit available.