19 matches found
CVE-2025-13358

| creationtimestamp | type | source |
|---|---|---|
| 2025-12-06 09:38:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m7cpdwso7v2u... |

WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CodeConfig Accessibility versions <= 1.0.0...
CVE-2020-13358
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: =13.4, =13.3, =13.5, 13.5.2...
CVE-2024-13358

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-01 04:27:34+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/6037 |
| 2025-03-01 06:24:37+00:00 | seen | https://t.me/cvedetector/19200 |
| 2025-03-02 11:46:31+00:00 | seen | Telegram/fLSiqW7UjQJfWmdiq7iiusJ6DCVp3lS8Jq8vCfbGh4kyunlS... |

CVE-2024-13358 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.24. This makes it possible for authenticated...
CVE-2024-13358 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.24. This makes it possible for authenticated...
TerraMaster Operating System Command Injection (CVE-2018-13358)
A command injection vulnerability exists in Terra Master. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
OpenCats 0.9.4-2 -(docx) XML External Entity Injection Vulnerability
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
OpenCats 0.9.4-2 XML Injection
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
CVE-2020-13358

| creationtimestamp | type | source |
|---|---|---|
| 2020-11-17 07:38:30+00:00 | seen | https://t.me/cibsecurity/16426... |

CVE-2020-13358
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: =13.4, =13.3, =13.5, 13.5.2...
CVE-2020-13358
Removed by vendor...
CVE-2020-13358
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: =13.4, =13.3, =13.5, 13.5.2...
CVE-2020-13358
CVE-2020-13358 - GitLab Kubernetes agent API permission bypass vulnerability in GitLab CE/EE; affected are GitLab versions with ranges: >=13.3, =13.4, =13.5,
CVE-2019-13358
OpenCats prior to 0.9.4-3 contains an XXE in lib/DocumentToText.php that lets remote attackers read files on the underlying OS. Exploitation requires the attacker to upload a docx or odt document, triggering the entity processing. The issue is associated with OpenCats 0.9.4-3 and earlier, with fi...
CVE-2018-13358
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter...
CVE-2018-13358
TerraMaster TOS 3.1.03 contains a command-injection flaw in ajaxdata.php via the checkName parameter, enabling remote execution of arbitrary commands and potential full system compromise as described in CVE-2018-13358. The vulnerability is corroborated by multiple advisories and CNVD/NVD records ...
CVE-2018-13358
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter...