16 matches found
CVE-2026-24957 WordPress Strong Testimonials plugin <= 3.2.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Strong Testimonials: from n/a through = 3.2.20...
CVE-2023-24957
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
CVE-2025-24957
creationtimestamp | type | source
---|---|---
2025-02-03 22:04:06+00:00 | seen | https://infosec.exchange/users/cve/statuses/113942216465394142
2025-02-03 22:16:22+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhckz2bk262n
2025-02-03 23:40:44+00:00 | seen | ...
CVE-2025-24957
WeGIA (Web Manager for Charitable Institutions) has a SQL Injection flaw in the get_detalhes_socio.php endpoint (parameter id_socio). The vulnerability could allow an authorized attacker to run arbitrary SQL and access or delete sensitive data. According to CVE records, the issue is addressed in ...
CVE-2025-24957 SQL Injection endpoint 'get_detalhes_socio.php' parameter 'id_socio' in WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, get_detalhes_socio.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information...
CVE-2025-24957 SQL Injection endpoint 'get_detalhes_socio.php' parameter 'id_socio' in WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, get_detalhes_socio.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information...
CVE-2024-24957
AutomationDirect Productivity PLCs (P3-550E CPU) with FW 1.2.10.9 are affected by CVE-2024-24957, part of a set of out-of-bounds/write vulnerabilities in the Programming Software Connection FileSystem API. The Talos report documents multiple null-byte write and related overflow issues that can be...
CVE-2023-24957 IBM Business Automation Workflow cross-site scripting
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
Security Bulletin: Stored cross-site vulnerability when performing a document upload using Responsive Document Explorer affect IBM Business Automation Workflow - CVE-2023-24957
Summary IBM Business Automation Workflow is vulnerable to a Stored cross-site vulnerability when performing a document upload using Responsive Document Explorer. Vulnerability Details CVEID:CVE-2023-24957 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This...
CVE-2021-24957
creationtimestamp | type | source
---|---|---
2022-04-25 20:36:22+00:00 | seen | https://t.me/cibsecurity/41395...
CVE-2021-24957
The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection...
CVE-2021-24957
The CVE-2021-24957 entry concerns the WordPress plugin Advanced Page Visit Counter (versions before 6.1.6). The root cause is that the artID parameter is not escaped before being interpolated into a SQL statement in the apvc_reset_count_art AJAX action, which is accessible to any authenticated us...
CVE-2021-24957 Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection
The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection...
CVE-2022-24957
creationtimestamp | type | source
---|---|---
2022-03-29 07:40:59+00:00 | seen | https://t.me/cibsecurity/39715...
CVE-2022-24957
DHC Vision eQMS (v5.4.8.322 and earlier) is affected by a Persistent XSS due to insufficient encoding of untrusted input/output. An attacker must create/edit an information object and use the XSS payload as the name; any user opening the object’s version or history tab can be attacked. No remedia...
CVE-2022-24957
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...