14 matches found
CVE-2025-24777
Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7...
CVE-2025-24777
CVE-2025-24777 is a PHP Object Injection vulnerability in the WordPress Hillter theme (Hillter) caused by deserialization of untrusted data. Affected: Hillter versions
WordPress Hillter Theme <= 3.0.7 is vulnerable to PHP Object Injection
Software: Hillter
Type: Theme
Vulnerable versions: <= 3.0.7
Fixed in: N/A
OWASP Top 10: A3: Injection
Classification: PHP Object Injection
CVE: CVE-2025-24777
Patch priority: High
CVSS severity: High (8.8)
PSID: 8e030521d3a0
Credits: Bonds
Required privilege: Subscriber
Published: 8 Jul...
CVE-2022-24777
grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...
CVE-2024-24777
creationtimestamp| type| source
---|---|---
2024-10-30 15:52:11+00:00| seen| https://t.me/cvedetector/9435...
CVE-2024-24777
LevelOne WBR-6012 Web Application CSRF (CVE-2024-24777) vulnerability affecting the router model LevelOne WBR-6012 with firmware R0.40e6. The web application does not enforce origin checks, allowing attackers to induce unauthorized actions via a crafted HTTP request from a malicious page. Talos c...
CVE-2023-24777
creationtimestamp| type| source
---|---|---
2023-03-09 00:23:22+00:00| seen| https://t.me/cibsecurity/59707
2025-03-06 02:17:22+00:00| seen| Telegram/NoKTqEgq9HS1ex5O39w2KAXExJFvyz9wUQsjAURzti86Vfj...
CVE-2023-24777
CVE-2023-24777 is a SQL injection vulnerability affecting Funadmin v3.2.0, exposed via the id parameter in the /databases/table/list endpoint. The root cause is unsafe handling of the id input, enabling attack execution, likely over the network with no user interaction, and resulting in high confidentia...
CVE-2022-24777
creationtimestamp| type| source
---|---|---
2022-03-25 19:30:52+00:00| seen| https://t.me/cibsecurity/39544...
CVE-2022-24777 Denial of Service via reachable assertion in grpc-swift
grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...
CVE-2022-24777
CVE-2022-24777 – grpc-swift denial of service: The issue affects grpc-swift servers before version 1.7.2. It results from incorrect logic when handling GOAWAY frames, allowing a low-effort attack that can crash the server and drop all in-flight connections and requests. The impact on availabilit...
CVE-2021-24777 Hotscot Contact Form < 1.3 - Admin+ SQL Injection
The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a GET request with the subid parameter, which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to an SQL injection...
CVE-2021-24777
The CVE-2021-24777 entry concerns the WordPress plugin Hotscot Contact Form (pre-1.3). The vulnerability arises in the view submission functionality: a GET request uses the sub_id parameter, which is not sanitized, escaped, or validated before being interpolated into a SQL statement, enabling SQL...