72 matches found
CVE-2026-2711
A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrfproxy.py of the component URL Handler. The manipulation of the argument makerequest leads to server-side...
CVE-2022-2711
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vect...
CVE-2022-2711
creationtimestamp | type | source
---|---|---
2025-05-05 21:20:21+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15004...
CVE-2025-2711
creationtimestamp | type | source
---|---|---
2025-03-24 21:23:29+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8549
2025-03-25 01:05:45+00:00 | seen | https://t.me/cvedetector/21010
2025-07-16 13:26:47+00:00 | confirmed |...
CVE-2025-2711 Yonyou UFIDA ERP-NC systop.jsp cross site scripting
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2711
CVE-2025-2711 affects Yonyou UFIDA ERP-NC v5.0. Affected component: /help/systop.jsp (and /help/top.jsp via langcode). Root cause: manipulation of the langcode input leads to reflected cross-site scripting (XSS). Impact: attackers can remotely exploit this to execute arbitrary JavaScript in victim...
CVE-2024-2711
CVE-2024-2711 affects Tenda AC10U firmware 15.03.06.48. The vulnerability is in the addWifiMacFilter function located at /goform/addWifiMacFilter, where manipulating the deviceMac argument leads to a stack-based buffer overflow. Attacks may be launched remotely, and the exploit has been publicly ...
CVE-2023-2711
The CVE-2023-2711 entry concerns the Ultimate Product Catalog WordPress plugin (prior to 5.2.6). The vulnerability arises because some settings are not properly sanitised/escaped, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (including multisi...
CVE-2023-2711 Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS
The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress Ultimate Product Catalogue Plugin <= 5.2.5 is vulnerable to SQL Injection
Software: Ultimate Product Catalogue; Type: Plugin; Vulnerable versions: <= 5.2.5; Fixed in: 5.2.6; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-2711; Patch priority: Low; CVSS severity: Low 7.6; PSID: b491eeb6f795; Credits: Ilyase Dehy; Required privilege...
SUSE CVE-2008-2711
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages...
WordPress Import any XML or CSV File to WordPress Plugin < 3.6.9 Multiple File Upload Vulnerabilities
The WordPress plugin...
CVE-2022-2711
CVE-2022-2711 affects the WordPress plugin WP All Import (Import any XML or CSV File to WordPress) prior to version 3.6.9. The issue is improper validation of file paths for files inside uploaded zip archives, enabling highly privileged users (admins) to perform path traversal and write arbitrary...
CVE-2022-2711 WP All Import < 3.6.9 - Admin+ Directory traversal via file upload
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vect...
Debian: Security Advisory (DLA-2711-1)
The remote host is missing an update for the Debian...
CVE-2020-2711
The CVE-2020-2711 entry concerns Oracle Banking Payments (Core) in Oracle Financial Services Applications. Affected versions are 14.1.0–14.3.0. The vulnerability is exploitable by a low-privilege actor over HTTP from the network, potentially leading to unauthorized access to data within Oracle Ba...