CVE-2026-10580

creationtimestamp| type| source ---|---|--- 2026-06-05 20:01:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnkwkmd32g2p 2026-06-06 00:00:12+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mnldv3nnpv2c 2026-06-07 14:08:08+00:00| seen|...

CVE-2020-10580

A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...

CVE-2025-10580

creationtimestamp| type| source ---|---|--- 2025-10-25 07:47:19+00:00| seen| Telegram/Rd3CLsQ31zk6aTKhcohxVJYFwICcp9BNVYu7cpBz1k0l0...

CVE-2025-10580 Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Widget Options – The 1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple functions in all versions up to, and including, 4.1.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2019-10580

When kernel thread unregistered listener, Use after free issue happened as the listener clients private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

CVE-2024-10580 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submitform function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submi...

WordPress Hustle Plugin <= 7.8.5 is vulnerable to Broken Access Control

Software Hustle Type Plugin Vulnerable versions = 7.8.5 Fixed in 7.8.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10580 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID 82d2fb561073 Credits Vijaysimha Reddy vijaysimha Required privileg...

Invigo Automatic Device Management Remote Code Execution (CVE-2020-10580)

A remote code execution vulnerability exists in Invigo Automatic Device Management. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2020-10580

The CVE-2020-10580 entry describes a command injection in Invigo Automatic Device Management (ADM) via the /admin/broadcast.php script, affecting ADM versions through 5.0. The underlying flaw enables remote authenticated attackers to execute arbitrary PHP code on the server as the application use...

HPE Apollo 70 Buffer Overflow Vulnerability (CNVD-2021-10580)

The HPE Apollo 70 system is an Arm-based platform that provides the density and scalability required for large HPC cluster deployments. A local buffer overflow vulnerability exists in the libifc.so webgetactivexcfg function in the Baseboard Management Controller BMC firmware in HPE Apollo 70...

CVE-2019-10580

creationtimestamp| type| source ---|---|--- 2020-07-30 16:55:34+00:00| seen| https://t.me/cibsecurity/13776...

CVE-2019-10580

When kernel thread unregistered listener, Use after free issue happened as the listener clients private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

CVE-2019-10580

CVE-2019-10580 describes a local use-after-free in the Qualcomm Snapdragon kernel: when a listener is unregistered, the listener’s private data may already have been freed. Affected are Snapdragon Auto/Compute/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables platforms (listed in the des...

CVE-2016-10580

Summary: nodewebkit downloads zipped resources over HTTP, which enables MITM modification of the downloaded payload to execute arbitrary code on the host. In exposed network positions, an attacker can intercept and swap the zip file, leading to potential RCE on systems running nodewebkit. Public ...

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914 Version: 1.1 Tested on: Ubuntu...

MyBB Latest Posts On Profile 1.1 Cross Site Scripting

Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Date: 4/20/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914 Version: 1.1 Tested on: Ubuntu 17.10 CVE: CVE-2018-10580 1...

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Date: 4/20/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914...