18 matches found
CVE-2025-13320
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-12 08:22:43+00:00 | seen | https://gist.github.com/Darkcrai86/ade383d4fe77a13aadb34940a70f9b76... |
WordPress WP User Manager plugin <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability discovered by YCInfosec in WordPress Plugin WP User Manager versions <= 2.9.12...
CVE-2017-13320
In impeg2d_bit_stream_flush of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-13320
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-07 07:37:15+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/6803 |
| 2025-03-07 10:45:20+00:00 | seen | https://t.me/cvedetector/19798 |
| 2025-03-08 04:34:56+00:00 | seen | Telegram/Tz89o9pY-YSxFc0JO-GTIKqLZNZ2hGHFAeThZtV6qQkmLLD... |
CVE-2024-13320 CURCY - WooCommerce Multi Currency - Currency Switcher <= 2.3.6 - Unauthenticated SQL Injection
The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2019-13320
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-13320
In impeg2d_bit_stream_flush of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2017-13320
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-27 21:33:01+00:00 | seen | https://infosec.exchange/users/cve/statuses/113557057082618478... |
CVE-2017-13320
In impeg2d_bit_stream_flush of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2017-13320
In impeg2d_bit_stream_flush of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation...
GitLab 12.8 < 12.10.13 / 13.0.0 < 13.0.8 / 13.1.0 < 13.1.2 (CVE-2020-13320)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. CVE-2020-13320 Note that Nessus has not...
CVE-2020-13320
GitLab CVE-2020-13320 affects GitLab before version 12.10.13. A project member with limited permissions could view the project security dashboard, exposing security-related information. The vulnerability is documented across multiple feeds (NVD/NASL/osv/etc.) with the basic impact as confidential...
Buffalo TeraStation Command Injection (CVE-2018-13318; CVE-2018-13320; CVE-2018-13321)
A command Injection vulnerability exists in Buffalo TeraStation. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2019-13320
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2019-13320
Foxit Reader 9.5.0.20723 is affected by a vulnerability in AcroForms where the code fails to verify object existence before operations, enabling remote code execution via malicious page/file with user interaction. Multiple connected sources (ZDI-19-637, CNVD-2019-22460, RH-CVE-2019-13320, NVD/NVD...
CVE-2018-13320
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters...
CVE-2018-13320
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters...
CVE-2018-13320
Buffalo TS5600D1206 (firmware version 3.70-0.10) contains a Command Injection vulnerability in the network.set_auth_settings function. The issue allows an attacker to trigger system commands via the adminUsername and adminPassword parameters, enabling potential remote command execution over a net...