25 matches found
CVE-2026-32696
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...
CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...
EUVD-2025-32696
Malicious code in solarpeng125 npm...
CVE-2024-32696
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6...
CVE-2023-32696
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...
CVE-2021-32696
The npm package "striptags" is an implementation of PHP's striptags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be abused by an attack...
MediaWiki < 1.39.12, 1.40.x < 1.42.6, 1.43.x < 1.43.1 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
CVE-2025-32696
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...
CVE-2025-32696
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...
CVE-2025-32696
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...
CVE-2025-32696
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...
CVE-2025-32696
CVE-2025-32696 (MediaWiki) is an improper preservation of permissions issue tied to RevertAction and ApiFileRevert, enabling bypass of the "reupload-own" restriction. Affected: MediaWiki before 1.39.12, 1.42.6, 1.43.1; root cause per Debian advisory involves bypass via reverting files. Remediatio...
CVE-2024-32696
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6...
CVE-2024-32696 WordPress AI Infographic Maker OpenAI plugin <= 4.6.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6...
CVE-2024-32696
CVE-2024-32696 affects AI Infographic Maker (Infographic and List Builder iList). It is an authenticated Stored XSS due to improper input neutralization during web page generation. Affected versions shown as ≤ 4.6.6 in the initial document; connected document indicates a fix was released in 4.6.7...
CVE-2024-32696 WordPress AI Infographic Maker OpenAI plugin <= 4.6.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6...
WordPress Infographic Maker – iList Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)
Software Infographic Maker – iList Type Plugin Vulnerable versions = 4.6.6 Fixed in 4.6.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32696 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID baa0cb27dbc1 Credits Khalid Yusuf Required...
CVE-2023-32696 Excessive permissions for ckan user
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...
CVE-2023-32696 Excessive permissions for ckan user
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...
CVE-2023-32696
CVE-2023-32696 affects CKAN where, prior to versions 2.9.9 and 2.10.1, the ckan user (www-data) owned code/files inside the Docker container and could use sudo. This permission set could enable code execution or privilege escalation if an arbitrary file write bug existed. The vulnerability has pa...