22 matches found
CVE-2023-29444
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...
CVE-2021-29444
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2020-29444
creationtimestamp| type| source ---|---|--- 2025-02-14 10:06:00+00:00| seen| Telegram/p7xzH-NkP9A62SWi5xIZRvvxGyn584gM6F8tpW9ByZS3...
CVE-2024-29444
...
CVE-2023-29444
creationtimestamp| type| source ---|---|--- 2024-01-10 18:27:17+00:00| seen| https://t.me/ctinow/166037 2025-05-14 20:32:28+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16399...
CVE-2023-29444
CVE-2023-29444 is an Uncontrolled Search Path Element (DLL hijacking) vulnerability affecting Kepware KepServerEX and related Kepware products. A locally authenticated attacker could escalate privileges to SYSTEM by loading a malicious DLL (and, per CISA ICS advisory, could lead to code execution...
CVE-2023-29444 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...
CVE-2022-29444
creationtimestamp| type| source ---|---|--- 2022-05-03 00:28:04+00:00| seen| https://t.me/cibsecurity/41776...
CVE-2022-29444
Plugin Settings Change leading to Cross-Site Scripting XSS vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of the plugin'...
CVE-2022-29444 WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability
Plugin Settings Change leading to Cross-Site Scripting XSS vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of the plugin'...
CVE-2022-29444
Cloudways Breeze WordPress plugin vulnerability CVE-2022-29444 affects versions up to 2.0.2. The issue is an XSS flaw caused by insufficient authorization and input handling in Breeze_Configuration, allowing a user with subscriber or higher role to trigger wp_ajax_* actions and modify plugin sett...
CVE-2022-29444 WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability
Plugin Settings Change leading to Cross-Site Scripting XSS vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of the plugin'...
Atlassian Confluence < 7.11.0 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior 7.11.0. It is, therefore, affected by the following vulnerabilities : - A blind Server-Side Request Forgery SSRF vulnerability in Team Calendars parameters. CVE-2020-29445 - A...
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters...
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters...
CVE-2020-29444
CVE-2020-29444 affects Atlassian Confluence Server: Team Calendar component is vulnerable to a Cross-Site Scripting (XSS) attack via admin global setting parameters in versions before 7.11.0. The root cause is a failure to properly sanitize inputs in the admin settings, allowing injection of arbi...
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters...
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters...
CVE-2021-29444
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29444
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...