CVE-2014-4856

Cross-site scripting XSS vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...

CVE-2025-14709

A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/httpeshellserver of the component WIRELESSCFGGET Interface. The manipulation of the argument params leads to buffer overflow. Remote exploitation o...

CVE-2025-14708

A weakness has been identified in Shiguangwu sgwbox N3 2.0.25. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpeshellserver of the component WIREDCFGGET Interface. Executing manipulation of the argument params can lead to buffer overflow. The attack may be...

EUVD-2025-203342

A weakness has been identified in Shiguangwu sgwbox N3 2.0.25. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpeshellserver of the component WIREDCFGGET Interface. Executing manipulation of the argument params can lead to buffer overflow. The attack may be...

CVE-2025-14707

A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/httpeshellserver of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploi...

CVE-2025-14706

A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/httpeshellserver of the component NETREBOOT Interface. Such manipulation leads to command injection. The attack can be launched remotely. The exploit is publicly available and mig...

CVE-2025-14706

A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/httpeshellserver of the component NETREBOOT Interface. Such manipulation leads to command injection. The attack can be launched remotely. The exploit is publicly available and mig...

CVE-2025-14706 Shiguangwu sgwbox N3 NETREBOOT http_eshell_server command injection

A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/httpeshellserver of the component NETREBOOT Interface. Such manipulation leads to command injection. The attack can be launched remotely. The exploit is publicly available and mig...

CVE-2025-14704 Shiguangwu sgwbox N3 API eshell path traversal

A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor...

EUVD-2025-203325

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...

CVE-2025-14703 Shiguangwu sgwbox N3 POST Message fsnotify improper authentication

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...

SGWBox N3 授权问题漏洞

SGWBox N3 is a network storage device from China's Pickup Dock SGWBox. An authorization issue vulnerability exists in SGWBox N3 version 2.0.25, which stems from incorrect manipulation of the parameter token in the file/fsnotify, which could lead to improper authentication...

SGWBox N3 命令注入漏洞

SGWBox N3 is a network storage device from China's Pickup Dock SGWBox. A command injection vulnerability exists in SGWBox N3 version 2.0.25, which stems from incorrect manipulation of the parameter params in the file /usr/sbin/httpeshellserver, which could lead to command injection...

PT-2025-51191

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...

PT-2025-51208

A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/http eshell server of the component WIRELESSCFGGET Interface. The manipulation of the argument params leads to buffer overflow. Remote exploitation...

SGWBox N3 命令注入漏洞

SGWBox N3 is a network storage device from China's Pickup Dock SGWBox. A command injection vulnerability exists in SGWBox N3 version 2.0.25, which stems from incorrect manipulation of the parameter params in the file /usr/sbin/httpeshellserver, which could lead to command injection...

SGWBox N3 路径遍历漏洞

SGWBox N3 is a network storage device from China's Pickup Dock SGWBox. A path traversal vulnerability exists in SGWBox N3 version 2.0.25, which stems from incorrect manipulation of the file/eshell and could lead to path traversal...

EUVD-2023-49575

Malicious code in bioql PyPI...

CVE-2024-51664

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.25...

WordPress Beds24 Online Booking plugin <= 2.0.25 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Roby Firnando Yusuf Patchstack Alliance in WordPress Plugin Beds24 Online Booking versions = 2.0.25...