Lucene search
+L

22 matches found

attackerkb
attackerkb
added yesterday5 views

CVE-2026-12979

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

5.5CVSS6.2AI score0.00139EPSS
Exploits0References1
circl
circl
added 2025/11/13 4:25 a.m.10 views

CVE-2025-12979

creationtimestamp| type| source ---|---|--- 2025-11-13 04:25:39+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5id4vog7ia2 2025-11-13 06:53:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5ilfrp3vb2u...

5.3CVSS5.7AI score0.00233EPSS
Exploits0References2
osv
osv
added 2024/12/27 5:15 a.m.7 views

CVE-2024-12979

A vulnerability was found in code-projects Job Recruitment 1.0 and classified as problematic. This issue affects the function cnupdate of the file /parse/alledits.php. The manipulation of the argument cname leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

6.1CVSS3.7AI score0.00497EPSS
Exploits1References5
circl
circl
added 2024/12/27 4:32 a.m.16 views

CVE-2024-12979

creationtimestamp| type| source ---|---|--- 2024-12-27 04:32:58+00:00| seen| https://infosec.exchange/users/cve/statuses/113722915450338331 2024-12-27 04:37:28+00:00| seen| https://infosec.exchange/users/cve/statuses/113722933120796706 2024-12-27 05:15:35+00:00| seen|...

6.9CVSS4.5AI score0.00497EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2024/12/27 4:31 a.m.13 views

CVE-2024-12979 code-projects Job Recruitment _all_edits.php cn_update cross site scripting

A vulnerability was found in code-projects Job Recruitment 1.0 and classified as problematic. This issue affects the function cnupdate of the file /parse/alledits.php. The manipulation of the argument cname leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

6.9CVSS6.2AI score0.00497EPSS
Exploits1References5
amazon
amazon
added 2024/01/22 12:0 a.m.36 views

Important: ImageMagick

Issue Overview: Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service segmentation fault or possibly execute arbitrary code via vectors involving the offset variable. CVE-2016-5841 ImageMagick 7.0.7-12 Q16, a CPU exhaustion...

9.8CVSS10AI score0.13393EPSS
Exploits53
cvelist
cvelist
added 2021/06/11 9:44 p.m.9 views

CVE-2020-12979

...

Exploits0
openvas
openvas
added 2020/07/31 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2020-1806)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.9AI score0.03716EPSS
Exploits18References2
redhatcve
redhatcve
added 2019/07/23 7:0 a.m.39 views

CVE-2019-12979

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c...

7.8CVSS3.3AI score0.02357EPSS
Exploits0References3
nessus
nessus
added 2019/07/12 12:0 a.m.38 views

ImageMagick < 7.0.8-35 Multiple vulnerabilities

The version of ImageMagick installed on the remote Windows host is prior to 7.0.8-35. It is, therefore, affected by multiple vulnerabilities: - A 'use of uninitialized value' vulnerability in the WriteJP2Image function in coders/jp2.c. CVE-2019-12977 - A 'use of uninitialized value' vulnerability...

7.8CVSS6.8AI score0.02381EPSS
Exploits1References12
nvd
nvd
added 2019/06/26 6:15 p.m.18 views

CVE-2019-12979

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c...

7.8CVSS8.4AI score0.02357EPSS
Exploits0References6
cve
cve
added 2019/06/26 5:9 p.m.250 views

CVE-2019-12979

CVE-2019-12979 : ImageMagick 7.0.8-34 contains a vulnerability in SyncImageSettings (MagickCore/image.c) caused by a use of an uninitialized value in AcquireImage. This can affect ImageMagick installations that process crafted images and is rated with partial impacts to confidentiality, integrity...

7.8CVSS7.8AI score0.02357EPSS
Exploits0References6Affected Software1
debiancve
debiancve
added 2019/06/26 5:9 p.m.44 views

CVE-2019-12979

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c...

7.8CVSS8AI score0.02357EPSS
Exploits0
exploitdb
exploitdb
added 2018/07/13 12:0 a.m.84 views

WAGO e!DISPLAY 7300T - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1 vulnerable version: FW 01 - 01.01.1001 fixed version: FW 02 CVE...

8.8CVSS6.2AI score0.3014EPSS
Exploits8
circl
circl
added 2018/07/13 12:0 a.m.17 views

CVE-2018-12979

creationtimestamp| type| source ---|---|--- 2018-07-13 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45014...

6.5CVSS6.8AI score0.07874EPSS
Exploits6References1
osv
osv
added 2018/07/12 6:29 p.m.7 views

CVE-2018-12979

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM...

6.5CVSS5.8AI score0.07874EPSS
Exploits6References6
cve
cve
added 2018/07/12 6:0 p.m.85 views

CVE-2018-12979

Affected product/versions: WAGO e!DISPLAY 762-3000 to 762-3003 with firmware before 02. Vulnerability: CVE-2018-12979, Incorrect default/critical resource permissions, enabling an authenticated user to overwrite files via the WBM upload path. Impact (per sources): potential unauthorized modificat...

6.5CVSS7.3AI score0.07874EPSS
Exploits6References6Affected Software1
zdt
zdt
added 2018/07/12 12:0 a.m.117 views

WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution Vulnerabilities

WAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.1001 suffer from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities. ======================================================================= title: Remote code execution via multiple attack...

6.8AI score0.3014EPSS
Exploits8
packetstorm
packetstorm
added 2018/07/11 12:0 a.m.83 views

WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1 vulnerable version: FW 01 - 01.01.1001 fixed version: FW 02 CVE...

6.6AI score0.3014EPSS
Exploits8
osv
osv
added 2017/08/21 7:29 a.m.17 views

CVE-2017-12979

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...

6.1CVSS5.9AI score
Exploits0References1
Rows per page
Query Builder