26 matches found
CVE-2020-10048
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing...
CVE-2025-10048
creationtimestamp | type | source
---|---|---
2025-10-11 08:13:21+00:00 | seen | Telegram/GBqfhhrusysB28H8ZSq5sh6AtlZ0aM-SilCF15XVZq1ek3U...
CVE-2025-10048 My Auctions Allegro Plugin <= 3.6.31 - Authenticated (Admin+) SQL Injection
The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 3.6.31 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress My Auctions Allegro plugin <= 3.6.31 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin My auctions allegro versions <= 3.6.31...
CVE-2018-10048
iScripts eSwap v2.4 has CSRF via "registrationsettings.php" in the Admin Panel...
Linux Distros Unpatched Vulnerability : CVE-2016-10048
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...
CVE-2024-10048
The Post Status Notifier Lite and Premium plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress Post Status Notifier Lite Plugin <= 1.11.6 is vulnerable to Cross Site Scripting (XSS)
Software: Post Status Notifier Lite; Type: Plugin; Vulnerable versions: <= 1.11.6; Fixed in: 1.11.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10048; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: fa83a961050b; Credits: Colin...
WordPress Post Status Notifier Premium Plugin <= 1.11.6 is vulnerable to Cross Site Scripting (XSS)
Software: Post Status Notifier Premium; Type: Plugin; Vulnerable versions: <= 1.11.6; Fixed in: 1.11.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10048; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 5dcdb37cb71e; Credits...
CVE-2015-10048
CVE-2015-10048 affects the bmattoso desafio_buzz_woody application. The issue is a SQL injection vulnerability caused by processing that allows manipulation of SQL queries. The vulnerability is rated critical in the initial description with CVSS 3.1/3.0 metrics showing high impact on confidential...
CVE-2020-10048
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing...
CVE-2020-10048
CVE-2020-10048 affects Siemens SIMATIC PCS 7 (All versions) and SIMATIC WinCC (all versions
SIMATIC WinCC Graphics Designer
1. EXECUTIVE SUMMARY: CVSS v3 6.2; ATTENTION: Low skill level to exploit; Vendor: Siemens; Equipment: SIMATIC WinCC and PCS 7; Vulnerability: Authentication Bypass Using an Alternate Path or Channel. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker...
CVE-2019-10048
The CVE-2019-10048 entry concerns Pydio up to version 8.2.2 where the ImageMagick plugin does not validate/sanitize user input in its configuration options. This enables an authenticated administrator to enter arbitrary shell commands, causing command execution on the underlying OS with the web s...
Pydio 8 Command Execution / Cross Site Scripting
SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Pydio 8 Multiple Vulnerabilities 1. Advisory Information Title: Pydio 8 Multiple Vulnerabilities Advisory ID: SAUTH-2019-0002 Advisory URL: https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities Date published:...
Pydio 8 Command Execution / Cross Site Scripting Vulnerabilities
Pydio 8 suffers from cross site scripting, command injection, and various other vulnerabilities. Pydio 8 Multiple Vulnerabilities 1. Advisory Information Title: Pydio 8 Multiple Vulnerabilities Advisory ID: SAUTH-2019-0002 Advisory URL:...
CVE-2013-10048
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlinkcommandphpexecnoauth.rb
2025-08-01 22:19:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lveoncdyvg2d
2025-10-2...
CVE-2012-10048
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/zenossshowdaemonxmlconfigexec.rb
2025-08-08 20:12:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvw2scdza22p...
CVE-2014-10048
CVE-2014-10048 affects Android on Qualcomm Snapdragon mobile/wear platforms (numerous SKUs) prior to the 2018-04-05 security patch level. The issue arises in time-services when setting offsets, where bases can be configured to values greater than the valid base, causing an array index out-of-boun...
CVE-2018-10048
iScripts eSwap v2.4 has CSRF via "registrationsettings.php" in the Admin Panel...