14 matches found
CVE-2025-12620
| creationtimestamp | type | source |
|---|---|---|
| 2025-11-13 07:53:26+00:00 | seen | https://gist.github.com/Darkcrai86/3b13e2f524971b524447d79185c5dedb |
| 2025-11-13 08:10:22+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5ipop2idu62 |
| 2025-11-13 09:31:54+00:00 | seen | ... |
CVE-2020-12620
Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection shell metacharacters after an IP address...
CVE-2024-12620
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agljson' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for...
CVE-2024-12620
CVE-2024-12620: The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the agl_json AJAX action in all versions up to and including 1.4.23. This allows unauthentic...
CVE-2024-12620 AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agljson' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for...
CVE-2024-12620 AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agljson' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for...
ae.teletronics.nlp:entityextraction (=1.3), at.researchstudio.sat:won-matcher-rescal (>=0.3 <=0.6) +542 more potentially affected by CVE-2017-12620 via org.apache.opennlp:opennlp-tools (>=1.5.2-incubating <=1.8.1)
org.apache.opennlp:opennlp-tools MAVEN version =1.5.2-incubating, =0.3, =0.2, =3.6.1, =3.11.0, =2.0.0, =2.0.0, =1.1, =0.3, =0.2, =0.6, =0.8 - com.blazemeter:jmeter-plugins-rotating-listener =0.2 - com.centit.support:centit-es-client =0.1.1806 and more Source cves: CVE-2017-12620 Source advisory:...
Security Bulletin: IBM Cognos Analytics with Watson 11.2.1 has addressed multiple vulnerabilities
Summary: Security vulnerabilities have been addressed in IBM Cognos Analytics with Watson 11.2.1. Vulnerability Details: CVEID: CVE-2017-12620. DESCRIPTION: Apache OpenNLP could allow a remote attacker to obtain sensitive information, caused by an XXE attack when loading models or dictionaries that...
CVE-2020-12620
Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection shell metacharacters after an IP address...
CVE-2020-12620
Pi-hole 4.4 is affected by a local privilege-escalation vulnerability in which an attacker able to write to /etc/pihole/dns-servers.conf can inject commands via shell metacharacters after an IP address. This is a command injection in the dns-servers.conf handling that leads to elevated privileges...
CVE-2019-12620
Cisco HyperFlex Software contains a Counter Value Injection vulnerability (CVE-2019-12620) in the statistics collection service. The root cause is insufficient authentication of the statistics collection service, allowing an unauthenticated, remote attacker to inject arbitrary data values, which ...
Apache OpenNLP XXE Vulnerability
Exploit for multiple platforms in category remote exploits. CVE-2017-12620 - Apache OpenNLP XXE vulnerability. Severity: Medium. Vendor: The Apache Software Foundation. Versions Affected: OpenNLP 1.5.0 to 1.5.3, OpenNLP 1.6.0, OpenNLP 1.7.0 to 1.7.2, OpenNLP 1.8.0 to 1.8.1. Description: When loading model...
CVE-2017-12620
When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache...
CVE-2017-12620
CVE-2017-12620 describes an XML External Entity (XXE) vulnerability in Apache OpenNLP when loading models or dictionaries that contain XML from untrusted sources. The connected documents identify the affected OpenNLP versions: 1.5.0–1.5.3, 1.6.0, 1.7.0–1.7.2, and 1.8.0–1.8.1. The XXE issue is the...