20 matches found
CVE-2016-10952
The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10952 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted:
- cde =0.2.0.1
- env-wrappers =0.1.1, =0.1.22
- graph-search =0.1.0
Source cves: CVE-2025-10952
Source advisory: OSV:GHSA-9X36-C74V-FGR6...
CVE-2017-10952
creationtimestamp | type | source
---|---|---
2025-08-31 03:01:11+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...
CVE-2024-10952
The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via the update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-10952
creationtimestamp | type | source
---|---|---
2024-12-04 02:52:56+00:00 | seen | https://infosec.exchange/users/cve/statuses/113592288895692725
2024-12-04 05:02:44+00:00 | seen | https://t.me/cvedetector/11943...
CVE-2024-10952 Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax
The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via the update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2020-10952
CVE-2020-10952 affects GitLab Community and Enterprise Editions (GitLab CE/EE) 8.11–12.9.1. An access control error allows blocked users to pull and push docker images, enabling unintended image access/manipulation. According to the linked advisories, GitLab released security updates fixing this ...
CVE-2016-10952
creationtimestamp | type | source
---|---|---
2019-09-13 16:28:18+00:00 | seen | https://t.me/cibsecurity/6738...
CVE-2016-10952
The CVE relates to the WordPress Quotes Collection plugin (versions before 2.0.6). Multiple sources in connected documents confirm a Cross-Site Scripting (XSS) vulnerability exposed via the wp-admin/admin.php?page=quotes-collection parameter. This indicates a reflected XSS condition where user-su...
CVE-2019-10952
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370...
CVE-2019-10952 Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370...
CVE-2019-10952
CVE-2019-10952 affects Rockwell Automation CompactLogix 5370 family (L1/L2/L3), Compact GuardLogix 5370, and Armor Compact GuardLogix 5370, versions 20–30 and earlier. The vulnerability is described as an uncontrolled resource consumption/stack-based buffer overflow in the web server that could b...
CVE-2018-10952
The CVE-2018-10952 entry affects the 2345 Security Guard 3.7 driver, specifically the X64 driver file 2345BdPcSafe.sys. The root cause is failure to validate input values from IOCTL 0x00222088, allowing local users to trigger a denial of service (BSOD) and potentially other unspecified impacts. C...
Foxit Reader < 8.3.2 Multiple Vulnerabilities
The version of Foxit Reader installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially execute arbitrary code. CVE-2017-10951
- A flaw in the saveA...
Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formerly known as Phantom installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially...
CVE-2017-10952
CVE-2017-10952 affects Foxit Reader (and related Foxit products) with a vulnerability in the saveAs JavaScript function. The flaw allows writing arbitrary files to attacker-controlled locations and can lead to code execution under the current process, with exploitation requiring user interaction ...
Foxit Reader command injection (CVE-2017-10951) and file writing vulnerability (CVE-2017-10952)
A tale about Foxit Reader - Safe Reading mode and other vulnerabilities
Some days ago someone sent me the following link, which describes two vulnerabilities in Foxit Reader: http://thehackernews.com/2017/08/two-critical-zero-day-flaws-disclosed.html These two vulnerabilities are similar to the...
Foxit PDF Reader has 2 high-risk vulnerabilities that the vendor has refused to fix? - Vulnerability warning - the black bar safety net
Users of Foxit PDF Reader should pay special attention: security researchers have discovered two serious 0day vulnerabilities. If the reader is not configured to open files in secure reading mode, they would let an attacker execute arbitrary code on the target computer. Foxit company...
KLA11093 Arbitrary code execution vulnerabilities in Foxit Reader
Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities:
1. An improper validation of user-supplied data in the saveAs JavaScript function can b...
sugang.korea.ac.kr XSS vulnerability
Vulnerable URL: http://sugang.korea.ac.kr/lecture/LecSubFS.jsp?courCls=ENGL376-00"--!"===0〈=
Details:
Description | Value
---|---
Patched: | Yes, at 21.09.2017
Latest check for patch: | 21.09.2017 01:23 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 10952
VIP...