The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. Date published : 2021-03-18 https://github.com/timonwong/vscode-shellcheck/pull/181 https://github.com/timonwong/vscode-shellcheck/releases/tag/v0.13.4
The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell...
The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the...
The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the...
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the...
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric...
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. Date published : 2021-03-18 http://packetstormsecurity.com/files/162914/Seo-Panel-4.8.0-Cross-Site-Scripting.html https://github.com/seopanel/Seo-Panel/issues/206
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. Date published : 2021-03-18 http://packetstormsecurity.com/files/162322/SEO-Panel-4.8.0-SQL-Injection.html https://github.com/seopanel/Seo-Panel/issues/209
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. Date published : 2021-03-18 http://packetstormsecurity.com/files/162914/Seo-Panel-4.8.0-Cross-Site-Scripting.html https://github.com/seopanel/Seo-Panel/issues/207
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. Date published : 2021-03-18 http://packetstormsecurity.com/files/162914/Seo-Panel-4.8.0-Cross-Site-Scripting.html https://github.com/seopanel/Seo-Panel/issues/208
Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page ("Repeater Wizard" homepage section). Date published : 2021-03-18...
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. Date published : 2021-03-18 https://documentation.concrete5.org/developers/introduction/version-history/855-release-notes https://www.concrete5.org/developers/security
Zoom through 5.5.4 sometimes allows attackers to read private information on a participant’s screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific...
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability Date published : 2021-03-18 https://gist.github.com/kukuxumushi/7436994ef395573023b79652e104a2a0