34 matches found
EUVD-2020-3207
Malware in sbrugna...
CVE-2025-10794
creationtimestamp| type| source ---|---|--- 2025-09-22 15:35:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lzgqcvwdi62g...
CVE-2019-10794
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a proto payload...
CVE-2024-10794
creationtimestamp| type| source ---|---|--- 2024-11-13 05:48:05+00:00| seen| https://t.me/cvedetector/10797...
CVE-2024-10794
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
CVE-2024-10794 Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
CVE-2024-10794 Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
WordPress Boostify Header Footer Builder for Elementor Plugin <= 1.3.6 is vulnerable to Sensitive Data Exposure
Software Boostify Header Footer Builder for Elementor Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-10794 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8590719f26b7 Credits...
SUSE CVE-2017-10794
When GraphicsMagick 1.3.25 processes an RGB TIFF picture with metadata indicating a single sample per pixel in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode...
byways (>=1.2.0 <=1.5.2), component-build (>=1.0.0 <=1.2.2) +17 more potentially affected by CVE-2019-10794 via component-flatten (>=0.0.1 <=1.0.1)
component-flatten NPM version =0.0.1, =1.2.0, =1.0.0, =1.0.0, =1.3.0, =0.0.3, =0.1.0, =1.0.0, =1.0.0, =0.2.0, =1.0.0, =1.2.0, =0.0.1, =0.0.1, =0.0.4 - faiton-builder =1.1.10 and more Source cves: CVE-2019-10794 Source advisory: OSV:GHSA-G6R3-HHG9-QF58...
Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities
Summary IBM Event Streams is affected by the following vulnerabilities in the included Node.js runtime shipped. Vulnerability Details CVEID: CVE-2019-10795 DESCRIPTION: Node.js undefsafe module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a...
CVE-2020-10795
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access...
CVE-2020-10794
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access...
Remote code execution
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access...
CVE-2020-10795
Product affected: Gira TKS-IP-Gateway 4.0.7.7. Vulnerabilities: (1) Path traversal (CNVD-2020-41719/CVE-2020-10794) could allow an attacker to download the application database; (2) Authenticated remote code execution via the backup function of the web frontend (CVE-2020-10795) with potential rem...
CVE-2020-10794
Gira TKS-IP-Gateway 4.0.7.7 is affected by an unauthenticated path traversal vulnerability that lets an attacker download the application database. This CVE (CVE-2020-10794) is linked to CVE-2020-10795, which describes authenticated remote code execution via the backup web frontend and could enab...
CVE-2020-10794
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access...
CVE-2019-10794
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a proto payload...
CVE-2019-10794
CVE-2019-10794 affects component-flatten, where all versions are vulnerable to prototype pollution via a proto payload. The flaw enables an attacker to trick the program into adding or modifying properties on Object.prototype, with consequences including potential arbitrary code execution as desc...
byways (>=1.2.0 <=1.5.2), component-build (>=1.0.0 <=1.2.2) +17 more potentially affected by CVE-2019-10794 via component-flatten (>=0.0.1 <=1.0.1)
component-flatten NPM version =0.0.1, =1.2.0, =1.0.0, =1.0.0, =1.3.0, =0.0.3, =0.1.0, =1.0.0, =1.0.0, =0.2.0, =1.0.0, =1.2.0, =0.0.1, =0.0.1, =0.0.4 - faiton-builder =1.1.10 and more Source cves: CVE-2019-10794 Source advisory: SNYK:JS-COMPONENTFLATTEN-548907...