83 matches found
@aaasd/pocpoc (=99.99.9996), internal-company-module-test-1337 (>=99.99.9991 <=99.99.9995) potentially affected by unknown CVE via internal-company-module-test-1337 (=99.99.9996)
internal-company-module-test-1337 NPM version =99.99.9996 is affected by a known vulnerability. The following packages have a transitive dependency on internal-company-module-test-1337 and may be impacted:
- @aaasd/pocpoc =99.99.9996
- internal-company-module-test-1337 =99.99.9991, =99.99.9995...
ECHO-2E0F-66C1-3249
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2015-3249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service out-of-bounds access and daemon...
CVE-2022-3249
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks...
CVE-2025-3249
creationtimestamp| type| source
---|---|---
2025-04-04 14:36:09+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10460
2025-04-04 18:01:19+00:00| seen| https://t.me/cvedetector/22132...
CVE-2025-3249
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...
CVE-2025-3249 TOTOLINK A6000R mtkwifi.lua apcli_cancel_wps command injection
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...
CVE-2025-3249
CVE-2025-3249 affects TOTOLINK A6000R 1.0.1-B20201211.2000. The issue is in the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua, enabling remote command injection. Several sources confirm this vulnerability with public disclosure and potential exploitation.
CGA-54JF-3249-2248
Bulletin has no description...
CVE-2024-3249
CVE-2024-3249: The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized data modification due to missing capability checks on import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings in all versions up to 1.6.2. Authenticated a...
WordPress Zita Elementor Site Library Plugin <= 1.6.2 is vulnerable to Broken Access Control
Software: Zita Elementor Site Library
Type: Plugin
Vulnerable versions: <= 1.6.2
Fixed in: 1.6.3
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-3249
Patch priority: Low
CVSS severity: Low 4.3
PSID: ee7892685efa
Credits: Lucio Sá
Required...
CVE-2023-3249
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as...
CVE-2023-3249
The WordPress plugin Web3 – Crypto wallet Login & NFT token gating (Web3 authentication) is affected by CVE-2023-3249. Affected versions up to and including 2.6.0 suffer an authentication bypass due to an incorrect check in the hidden_form_data routine, allowing an authenticated attacker to log i...
CVE-2023-3249 Web3 – Crypto wallet Login & NFT token gating <= 2.6.0 - Authentication Bypass
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as...
WordPress Web3 – Crypto wallet Login & NFT token gating Plugin <= 2.6.0 is vulnerable to Bypass Vulnerability
Software: Web3 – Crypto wallet Login & NFT token gating
Type: Plugin
Vulnerable versions: <= 2.6.0
Fixed in: 2.7.0
OWASP Top 10: A2: Broken Authentication
Classification: Bypass Vulnerability
CVE: CVE-2023-3249
Patch priority: High
CVSS severity: High 9.8
PSID: 137db20e70bb
Credits...
CVE-2022-3249
creationtimestamp| type| source
---|---|---
2022-12-05 20:40:01+00:00| seen| https://t.me/cibsecurity/54000...
CVE-2022-3249
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks...
CVE-2022-3249 WP CSV Exporter < 1.3.7 - Admin+ SQLi
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks...
CVE-2022-3249
The CVE-2022-3249 vulnerability affects the WP CSV Exporter WordPress plugin prior to version 1.3.7. The root cause is improper sanitisation/escaping of certain parameters before they are used in SQL statements, enabling authenticated high-privilege users (e.g., admins) to perform SQL injection. ...