35 matches found
CVE-2026-10057
ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript code that is executed in users' browsers upon page load...
CVE-2026-10057
creationtimestamp | type | source
---|---|---
2026-05-29 01:15:00+00:00 | seen | https://www.twcert.org.tw/en/cp-139-10942-2b78b-2.html...
Lexmark Printers Cross-Site Request Forgery (CSRF) (CVE-2019-10057)
Various Lexmark products have a CSRF vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
# (C) Tenable, Inc.
include('compat.inc');
if (description) { script_id(503859); script_version("1.2");...
CVE-2025-10057
creationtimestamp | type | source
---|---|---
2025-09-17 07:08:07+00:00 | seen | https://gist.github.com/Darkcrai86/d550ee3bb2fac44c20aa5bd182cc3a84
2025-09-17 07:55:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lyzebogyne2c...
WordPress WP Import plugin 7.20-7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection vulnerability
Authenticated (Subscriber+) Remote Code Execution via Code Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions 7.20-7.28...
Linux Distros Unpatched Vulnerability : CVE-2018-10057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary...
CVE-2013-10057
Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx) contains a stack-based buffer overflow in the ConnectToSynactis method. A long string passed to populate ldCmdLine for WinExec can overwrite a saved TRegistry pointer on the stack, enabling remote code execution when a user visits a malicious...
Linux Distros Unpatched Vulnerability : CVE-2016-10057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service application...
CVE-2024-10057
creationtimestamp | type | source
---|---|---
2024-10-18 12:44:42+00:00 | seen | https://t.me/cvedetector/8326...
CVE-2024-10057
The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-10057 RSS Feed Widget <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rfw-youtube-videos Shortcode
The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress RSS Feed Widget Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS)
Software: RSS Feed Widget; Type: Plugin; Vulnerable versions: <= 2.9.9; Fixed in: 3.0.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10057; Patch priority: Low; CVSS severity: Low (6.5); PSID: d0b0d19c49ad; Credits: Peter Thaleikis; Require...
CVE-2015-10057
A vulnerability (CVE-2015-10057) affects Little Apps Little Software Stats, specifically the Password Reset Handler component inc/class.securelogin.php. The issue is an improper access control in that file, leading to potential unauthorized access. The documented exploitability is described as di...
CVE-2020-10057
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...
CVE-2020-10057
GeniXCMS 1.1.7 is affected by a user privilege escalation due to broken access control. The issue stems from an incomplete fix for CVE-2015-2680, where a CSRF token was used without validating that the token is tied to an administrative user. No patch/version remediation details are provided in t...
CVE-2019-10057
Various Lexmark products have CSRF...
CVE-2019-10057
CVE-2019-10057 affects Lexmark printers (embedded web server) and is a CSRF vulnerability caused by lack of CSRF countermeasures. Publicly documented details among connected sources indicate that this CSRF could enable an attacker to modify settings or perform actions within an authenticated prin...
CVE-2018-10057
creationtimestamp | type | source
---|---|---
2018-06-06 07:53:41+00:00 | published-proof-of-concept | https://t.me/antichat/1559...