14 matches found
CVE-2025-11012 BehaviorTree Diagnostic Message script_parser.cpp ParseScript stack-based overflow
A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Manipulation of the argument errormsgsbuffer can lead to a stack-based buffer overflow. The attack can only be...
CVE-2018-11012
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java...
CVE-2020-11012
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has bee...
CVE-2024-11012
The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-11012 Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text
The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2020-11012
creationtimestamp | type | source
---|---|---
2023-12-12 01:42:29+00:00 | seen | https://t.me/arpsyndicate/1789...
CVE-2020-11012 Authentication bypass MinIO Admin API
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has bee...
CVE-2020-11012
CVE-2020-11012 affects MinIO prior to RELEASE.2020-04-23T00-58-49Z. The admin API authentication bypass allows an admin access key to perform admin API operations (e.g., creating new service accounts for existing keys) without the admin secret key. The issue is documented across multiple sources ...
CVE-2016-11012
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS...
CVE-2016-11012
The CVE-2016-11012 entry affects the WordPress plugin sola-support-tickets prior to version 3.13. The vulnerability is an incorrect access control for /wp-admin that enables an XSS condition. Public-facing details confirm an admin-page access issue can lead to script injections; no further explo...
CVE-2018-11012
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java...
CVE-2018-11012
ruibaby Halo 0.0.2 has a stored cross-site scripting vulnerability in which unsanitized input from loginName/loginPwd during a failed login to AdminController.java can be persisted and later executed in victims’ browsers. Public records list CVSS2 base 4.3 (MEDIUM) and CVSS3 base 6.1 (MEDIUM); no...
CVE-2017-11012
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command, a stack-based buffer overflow can occur...
CVE-2017-11012
The CVE-2017-11012 issue is described across multiple sources as a stack-based buffer overflow in Qualcomm WLAN components used by Android on MSM platforms, triggered by processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command. Connected CNVD entry attribut...