Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from...
CVSS: 7.3 | AI Score: 7.4 | EPSS: 0.0004
CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes an SSH interface over the product network interface. This does not allow direct exploitation of the product or any unintended operation, as SSH interface access is protected by an authentication mechanism. Impacts....
CVSS: 6.5 | AI Score: 7.1 | EPSS: 0.0004
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec function. This makes it possible for...
CVSS: 4.3 | AI Score: 6.7 | EPSS: 0.0004
An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or...
CVSS: 6.5 | AI Score: 7.1 | EPSS: 0.0005
An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger...
CVSS: 5.3 | AI Score: 8.6 | EPSS: 0.0005
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute...
CVSS: 6.8 | AI Score: 7 | EPSS: 0.001
A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this...
CVSS: 8.3 | AI Score: 6.6 | EPSS: 0.0005
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to...
CVSS: 5.3 | AI Score: 6.1 | EPSS: 0.0005
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
CVSS: 9.1 | AI Score: 7.1 | EPSS: 0.001
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVSS: 4.4 | AI Score: 5.7 | EPSS: 0.0004
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload....
CVSS: 6.4 | AI Score: 5.6 | EPSS: 0.0004
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscriber-level access and...
CVSS: 4.3 | AI Score: 5.3 | EPSS: 0.0004
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0005
Transient DOS during the key unwrapping process, when the given encrypted key is empty or...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0005
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0005
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.0004
CVSS: 9.3 | AI Score: 7.8 | EPSS: 0.0004
Memory corruption in Audio while processing IIR config data from AFE calibration...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0004
Memory corruption in Audio while processing the calibration data returned from ACDB...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0004
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for an unauthenticated attacker to include and execute PHP.....
CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.154
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS. This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from....
CVSS: 7.1 | AI Score: 6.4 | EPSS: 0.0005
Unquoted service path in ESET products allows an attacker to drop a prepared program to a specific location and run it on boot with the NT...
CVSS: 5.5 | AI Score: 6.3 | EPSS: 0.0004
The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVSS: 4.8 | AI Score: 5.3 | EPSS: 0.0004
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected...
CVSS: 7.2 | AI Score: 7 | EPSS: 0.001
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the...
CVSS: 6.8 | AI Score: 6.5 | EPSS: 0.001
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the...
CVSS: 6.5 | AI Score: 6.2 | EPSS: 0.0004
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0004
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0004
Memory corruption when resource manager sends the host kernel a reply message with multiple...
CVSS: 8.4 | AI Score: 7.7 | EPSS: 0.0004
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same...
CVSS: 8.4 | AI Score: 7.9 | EPSS: 0.0004
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from...
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.0005
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0005
CVSS: 8.4 | AI Score: 7.8 | EPSS: 0.0004
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.0004
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0005
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0004
CVSS: 8.4 | AI Score: 7.8 | EPSS: 0.0004
CVSS: 9.3 | AI Score: 7.8 | EPSS: 0.0004
CVSS: 9.3 | AI Score: 7.7 | EPSS: 0.0004
Improper validation of the server’s certificate chain in the secure traffic scanning feature considered an intermediate certificate signed using the MD5 or SHA1 algorithm as...
CVSS: 8.6 | AI Score: 8.5 | EPSS: 0.0005
Memory corruption while submitting a large list of sync points in an AUX command to the...
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL...
Transient DOS while parsing WPA IES, when it is passed with length more than expected...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0004
CVSS: 8.4 | AI Score: 7.8 | EPSS: 0.0004
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0005
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.0004