17 matches found
CVE-2026-13208
creationtimestamp| type| source ---|---|--- 2026-06-24 23:18:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp32fkx4mk25...
CVE-2026-13208
A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...
CVE-2025-13208
CVE-2025-13208 affects FantasticLBP Hotels Server, with an SQL injection in controller/api/hotelList.php where manipulating the subjectId/cityName parameter can expose or modify data. The vulnerability is exploitable remotely and public exploits exist. Affected versions are stated as prior to 67b...
CVE-2019-13208
WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0...
CVE-2024-13208
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13208
creationtimestamp| type| source ---|---|--- 2025-02-15 06:05:43+00:00| seen| https://infosec.exchange/users/cve/statuses/114006395679188174 2025-02-15 06:15:59+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li72wrpebe2o 2025-02-15 07:11:13+00:00| seen|...
CVE-2024-13208
The CVE-2024-13208 entry refers to the Maps Plugin using Google Maps for WordPress that, prior to version 1.9.4, does not sanitize and escape certain settings. This could allow stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is not allowed (such as in multisite). The v...
CVE-2024-13208 WP Google Map < 1.9.4 - Admin+ Stored XSS
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13208 WP Google Map < 1.9.4 - Admin+ Stored XSS
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2020-13208
...
CVE-2020-13208
CVE-2020-13208 is rejected/not used; this CVE ID does not represent an active vulnerability entry.
CVE-2019-13208
WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0...
CVE-2019-13208
WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0...
CVE-2019-13208
The CVE-2019-13208 vulnerability affects Waves MAXX Audio: WavesSysSvc64.exe (v1.9.29.0) suffers privilege escalation due to DLL side loading caused by the General registry key granting Full Control to the Users group. This is a local escalation scenario with potential high impact as described in...
CVE-2019-13208
WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0...
CVE-2018-13208
The CVE-2018-13208 entry concerns MoneyTree (TREE) Ethereum token: the sell function of its smart contract is vulnerable to an integer overflow where amount * sellPrice can become zero, thereby reducing the seller’s assets. This is documented as a vulnerability in the contract’s sell operation, w...
CVE-2017-13208
CVE-2017-13208 affects Android via libnetutils/packet.c receive_packet, enabling a possible remote code execution through an out-of-bounds write on DHCP responses. Impacted Android versions: 5.1.1–8.1. Vector: network; no user interaction required; no additional privileges needed. The Android Sec...