20 matches found
CVE-2026-11278
creationtimestamp | type | source
---|---|---
2026-06-05 13:24:40+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/116697713800926918...
CVE-2026-11278
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2024-11278
The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2020-11278
Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...
CVE-2024-11278
creationtimestamp | type | source
---|---|---
2024-11-20 07:03:12+00:00 | seen | https://t.me/cvedetector/11557...
CVE-2024-11278 GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting
The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2024-11278
CVE-2024-11278 affects the WordPress plugin GD bbPress Attachments (≤ 4.7.2). The issue is a Reflected Cross-Site Scripting (XSS) caused by inadequate escaping of the URL via add_query_arg, enabling unauthenticated attackers to inject scripts that execute when a user interacts with a crafted link...
CVE-2024-11278 GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting
The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
WordPress GD bbPress Attachments Plugin <= 4.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: GD bbPress Attachments; Type: Plugin; Vulnerable versions: <= 4.7.2; Fixed in: 4.7.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11278; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 3fddb2474371; Credits: Colin Xu...
CVE-2020-11278
creationtimestamp | type | source
---|---|---
2021-02-22 12:28:18+00:00 | seen | https://t.me/cibsecurity/23911...
CVE-2020-11278
Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...
CVE-2020-11278
CVE-2020-11278 affects Qualcomm Snapdragon platforms (Snapdragon Auto, Compute, Connectivity, CE Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure & Networking). The root cause is improper validation when handling host WMI commands, leading to possible Denial...
CVE-2019-11278 Privilege Escalation via Blind SCIM Injection in UAA
CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of...
CVE-2019-11278
CVE-2019-11278 affects Cloud Foundry UAA before 74.1.0. A remote attacker with the privileges client.write and groups.update can craft a SCIM query by injecting external input directly into SCIM, causing a leak of information that enables privilege escalation and potential control of UAA scopes. ...
CVE-2019-11278: Privilege Escalation via Blind SCIM Injection in UAA | Cloud Foundry
Severity: High; Vendor: Cloud Foundry Foundation; Affected Cloud Foundry Products and Versions: UAA Release, All versions prior to v74.1.0; Description: CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with ‘client.write’ and ‘groups.update’ ca...
CVE-2018-11278
CVE-2018-11278 affects CAF Venus HW in Android for MSM, Firefox OS for MSM, and QRD Android builds. The vulnerability occurs when Venus HW decodes input bit stream buffers: it searches for a start code, and if the start code is not found in the entire buffer, the implementation may over-fetch bey...
CVE-2017-11278
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2017-11278
Adobe Digital Editions 4.5.4 and earlier are affected by CVE-2017-11278 (memory corruption vulnerability). Successful exploitation could lead to arbitrary code execution. The connected advisories indicate this was part of APSB17-27 with remediation guidance to upgrade to 4.5.6 or newer on Windows...
Adobe Digital Editions < 4.5.6 Multiple Vulnerabilities (APSB17-27)
The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-27 advisory. - Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful...
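Siemens Scalance W-700 Series Device SSL Certificate Spoofing Vulnerability
Siemens Scalance W-700 series built-in SSL certificate spoofing vulnerability. CNVD-ID: CNVD-2013-11278. CVE-ID: CVE-2013-4651. Hard-coded SSL certificate authentication bypass in the secured management web interface and command-line management interface of the Siemens Scalance W7xx IEEE 802.11a/b/g product family. Siemens Scalance W-700 Series is an industrial wireless switch device developed by Siemens. Siemens Scalance W-700 series devices have a built-in SSL certificate that cannot be replaced through the management interface, allowing attackers to obtain sensitive information via man-in-the-middle attacks. The following firmware versions...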