12 matches found
CVE-2024-13858
creationtimestamp| type| source
---|---|---
2025-05-02 07:16:19+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14450
2025-05-02 08:00:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo6e7pqa6g22
2025-05-02 11:45:46+00:00| seen| https://t.me/cvedetector/24339
2025-05-02...
CVE-2024-13858
The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress are vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2024-13858
The CVE-2024-13858 entry concerns the BuddyBoss Platform plugin and BuddyBoss Theme for WordPress, which are affected by Stored Cross-Site Scripting via the invitee_name parameter. Affected versions are all up to 2.8.50 (platform) and 2.8.41 (theme), with insufficient input sanitization and output escapi...
CVE-2024-13858 BuddyBoss Platform and BuddyBoss Theme <= Multiple Versions - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name'
The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress are vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible fo...
WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name' vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name' vulnerability discovered by Kaique Peres in WordPress Plugin BuddyBoss Platform versions <= 2.8.50...
CVE-2020-13858
CVE-2020-13858 affects Mofi Network MOFI4500-4GXeLTE devices running 3.6.1-std and 4.0.8-std. The issue stems from two undocumented administrator accounts (sftp and mofidev) defined in /etc/passwd, with passwords not unique across installations. This creates potential unauthorized access risk to ...
CVE-2018-13858
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example...
CVE-2018-13858
The CVE-2018-13858 vulnerability affects MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional. It allows unauthorized remote attackers to reboot or execute other functions via the /xml/system/control.xml URL, using a GET request like ?action=reboot. The NVD entry lists ...
CVE-2017-13858
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...
CVE-2017-13858
CVE-2017-13858 affects macOS High Sierra (macOS before 10.13.2) with an input validation issue in IOKit that could allow an attacker with local access to execute arbitrary code in a privileged context via a crafted app. Connected sources (Apple security content HT208331, and OpenVAS/Nessus listin...
ikub.al Open Redirect vulnerability
Vulnerable URL: http://www.ikub.al/PageRedirect.aspx?name=bnthp=https://www.openbugbounty.org/

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 26.07.2017
Vulnerability type:| Open Redirect
Vulnerability status:| Publicly disclosed
Alexa Rank| 13858
VIP website status:| Y...
FlexCast Server Terminal Authentication Unspecified Remote Issue
The remote host is running FlexCast, an audio/video streaming server. According to its banner, the version installed on the remote host suffers from a vulnerability in suppliers / terminal authentication. While details are as-yet unavailable, it is likely the flaw is remotely exploitable...