107 matches found
EUVD-2026-1538
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS. This issue affects Taskbuilder: from n/a through <= 4.0.9...
EUVD-2015-4516
Malware in sbrugna...
CVE-2022-1538
Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILE_MODS and FILE_EDIT are disallowed...
CVE-2001-1538
SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access...
CVE-2025-1538
creationtimestamp| type| source
---|---|---
2025-02-21 15:23:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/4904
2025-02-21 16:31:34+00:00| published-proof-of-concept| Telegram/tDCBdMcOgnZL82yA9NlC0UZrhiY4fZOvmxRMeD3Avyss0s
2025-02-21 17:48:35+00:00| seen|...
CVE-2025-1538 D-Link DAP-1320 api set_ws_action heap-based overflow
A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and m...
CVE-2024-1538
The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...
CVE-2024-1538
CVE-2024-1538 affects the WordPress File Manager plugin up to version 7.2.4. The root cause is missing or incorrect nonce validation on the wp_file_manager page that includes files via the 'lang' parameter, enabling unauthenticated attackers to cause local JavaScript inclusion and potentially ach...
CVE-2024-1538
The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...
WordPress File Manager Plugin <= 7.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: File Manager; Type: Plugin; Vulnerable versions: <= 7.2.4; Fixed in: 7.2.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1538; Patch priority: Low; CVSS severity: Low (7.1); PSID: 8e5b8ea35374; Credits: 0xBishop; Required...
$601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, 2024, during our second Bug Bounty Extravaganza...
CVE-2022-1538
creationtimestamp| type| source
---|---|---
2024-01-19 23:17:06+00:00| seen| https://t.me/ctinow/170450
2024-02-06 14:46:26+00:00| seen| https://t.me/ctinow/180023...
CVE-2022-1538
Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILE_MODS and FILE_EDIT are disallowed...
CVE-2022-1538 Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILE_MODS and FILE_EDIT are disallowed...
CVE-2022-1538
The connected data confirms CVE-2022-1538 affects the WordPress Theme Demo Importer plugin prior to 1.1.1. The root cause is a lack of validation of imported files, enabling high-privilege users (e.g., admin) to upload arbitrary files such as PHP even when FILE_MODS and FILE_EDIT are disallowed. ...
CVE-2023-1538 Observable Timing Discrepancy in answerdev/answer
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
SUSE CVE-2013-1538
Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors...
Design/Logic Flaw
An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread in stream.c:1538...
Mageia: Security Advisory (MGASA-2014-0419)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for speex (openSUSE-SU-2021:1538-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...