78 matches found
CVE-2026-3320
CVE-2026-3320 affects the Cradle eCommerce platform (latest demo version). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw where user-controlled input is insecurely reflected in the HTML output of the /product/ endpoint. The issue allows an attacker to execute arbitrary JavaScrip...
EUVD-2019-4694
Malware in sbrugna...
EUVD-2025-3320
Malicious code in bioql PyPI...
CVE-2025-3320
creationtimestamp | type | source
---|---|---
2025-08-06 17:45:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvqrnespr42z...
Security Bulletin: IBM Tivoli Monitoring is affected by heap buffer overflow vulnerabilities
Summary IBM Tivoli Monitoring has addressed heap buffer overflow vulnerabilities CVE-2025-3354, CVE-2025-3320 Vulnerability Details CVEID:CVE-2025-3354 DESCRIPTION: IBM Tivoli Monitoring is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could...
CVE-2022-3320
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...
CVE-2022-38873
D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-366...
CVE-2019-13167
Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions...
WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Exploit
Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting XSS Dork: inurl:/admin/views/admin.php Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social Version: 1.0.1 REQUIRED Tested on:...
WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting
Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting XSS Dork: inurl:/admin/views/admin.php Date: 2023-06-20 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social Version: 1.0.1...
CVE-2023-3320
creationtimestamp | type | source
---|---|---
2023-06-20 07:59:41+00:00 | seen | https://t.me/cibsecurity/65353
2023-06-29 07:29:32+00:00 | seen | https://t.me/kasraonecom/329
2023-12-11 03:31:57+00:00 | seen | https://t.me/arpsyndicate/1695...
CVE-2023-3320
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the /admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and injec...
CVE-2023-3320
CVE-2023-3320 – WP Sticky Social (WordPress) is a CSRF vulnerability in versions up to 1.0.1 caused by missing nonce validation in admin.php. This allows unauthenticated attackers to modify plugin settings and inject scripts via forged requests when a site admin performs an action (e.g., clicking...
CVE-2023-3320
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the /admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and injec...
WordPress WP Sticky Social Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Sticky Social Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3320 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 98b51e0a5b9a Credits Shunsuke Aoki Required...
WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)
Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting XSS Dork: inurl:/admin/views/admin.php Date: 2023-06-20 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social Version: 1.0.1...
CVE-2022-38873
D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-366...
Design/Logic Flaw
D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-366...
CVE-2022-38873
CVE-2022-38873 affects multiple D-Link DAP devices (2310, 2330, 2360, 2553, 2660, 2690, 2695, 3320, 3662). The root cause is a vulnerability that allows a Denial of Service when an attacker uploads a crafted firmware after modifying the firmware header. Impact reported as DoS with high severity C...
CVE-2022-3320
creationtimestamp | type | source
---|---|---
2022-10-28 14:29:12+00:00 | seen | https://t.me/cibsecurity/52202...