86 matches found
MINI-F843-WVGM-2744
Bulletin has no description...
CVE-2024-2744
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
MINI-M3C8-2744-QG2H
Bulletin has no description...
Security update for sqlite3
This update for sqlite3 fixes the following issues: Update to version 3.50.2: CVE-2025-6965: Fixed an integer truncation to avoid assertion faults (bsc#1246597). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
CVE-2023-2744
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2022-2744
A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/addexercises.php of the component Background Management. The manipulation of the argument exerimg leads to unrestricte...
CVE-2020-2744
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Security. Supported versions that are affected are 6.3.7, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportati...
CVE-2025-2744
creationtimestamp | type | source
---|---|---
2025-03-25 07:23:57+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8621
2025-03-25 09:27:25+00:00 | seen | https://t.me/cvedetector/21051
...
CVE-2025-2744
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is...
CVE-2025-2744 zhijiantianya ruoyi-vue-pro Material Upload Interface upload-news-image path traversal
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is...
CVE-2024-2744
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-2744
The CVE refers to NextGEN Gallery WordPress plugin prior to 3.59.1. It allows stored XSS because some settings aren’t sanitized/escaped, enabling high-privilege users (e.g., admins) to execute scripts after interaction. CVSSv3.1 base score 4.3 (Medium) with AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L. Re...
CVE-2024-2744 Nextgen Gallery < 3.59.1 - Admin+ Stored XSS
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
WordPress NextGEN Gallery Plugin < 3.59.1 is vulnerable to Cross Site Scripting (XSS)
Software: NextGEN Gallery; Type: Plugin; Vulnerable versions: 3.59.1; Fixed in: 3.59.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2744; Patch priority: Low; CVSS severity: Low (5.9); PSID: 59c77919ffbb; Credits: Dmitrii Ignatyev; Require...
CVE-2023-2744
creationtimestamp | type | source
---|---|---
2023-12-31 07:29:21+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/6345
2024-01-01 05:59:02+00:00 | seen | https://t.me/arpsyndicate/2301
2024-01-01 18:14:00+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/9698
...
Exploit for CVE-2023-2744
Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection D...
WordPress WP ERP 1.12.2 SQL Injection
Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection Date: 15-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/erp/ Vendor Homepage: https://wperp.com/ Version: 1.12.2 Tested on: Windows, Linux CVE: CVE-2023-2744 Product Description WP ERP is the first full-fledge...
WordPress WP ERP 1.12.2 SQL Injection Vulnerability
Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/erp/ Vendor Homepage: https://wperp.com/ Version: 1.12.2 Tested on: Windows, Linux CVE: CVE-2023-2744 Product Description WP ERP is the first full-fledged ERP Enterprise...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rekor (SUSE-SU-2023:2744-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2744-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...