Filtered by vendor Linear
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13709 | 2 Linear, Wordpress | 2 Linear, Wordpress | 2025-01-27 | 4.3 Medium |
| The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-12496 | 2 Linear, Wordpress | 2 Linear, Wordpress | 2025-01-09 | 6.4 Medium |
| The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linear_block_buy_commissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2020-9058 | 4 Dome, Jasco, Linear and 1 more | 4 Dm501, Zw4201, Lb60z-1 and 1 more | 2024-11-21 | 8.1 High |
| Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection. | ||||
| CVE-2020-9057 | 2 Linear, Silabs | 5 Wadwaz-1, Wapirz-1, 100 Series Firmware and 2 more | 2024-11-21 | 8.8 High |
| Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable. | ||||
| CVE-2024-52426 | 1 Linear | 1 Linear | 2024-11-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Linear Oy Linear linear allows DOM-Based XSS.This issue affects Linear: from n/a through 2.7.11. | ||||
Page 1 of 1.