12 matches found
CVE-2026-33329
FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...
CVE-2023-33329
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions...
LumisXP 16.1.x Hardcoded Credentials / IDOR
Tempest Security Intelligence - ADV-6/2024. LumisXP v15.0.x to v16.1.x. Author: Rodolfo Tavares, Tempest Security Intelligence - Recife, Pernambuco - Brazil. Table of Contents: Overview, Detailed description, Timeli...
CVE-2024-33329
A hardcoded privileged ID within LumisXP v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information...
CVE-2024-33329
CVE-2024-33329 affects LumisXP versions v15.0.x–v16.1.x. The issue is a hardcoded privileged ID that enables authentication bypass, allowing access to internal pages and sensitive information. Public references (NVD, Red Hat, CNNVD, PacketStorm) corroborate a credential-based bypass vulnerability...
CVE-2023-33329
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions...
CVE-2023-33329
CVE-2023-33329: Authenticated Reflected XSS in Hijiri Custom Post Type Generator plugin
CVE-2023-33329 WordPress Custom Post Type Generator Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions...
WordPress Custom Post Type Generator Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Custom Post Type Generator; Type: Plugin; Vulnerable versions: <= 2.4.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33329; Patch priority: Low; CVSS severity: Low (5.9); PSID: 38a835231f46; Credits: thiennv; Requir...
CVE-2022-33329
creationtimestamp | type | source
---|---|---
2022-10-13 15:05:03+00:00 | seen | https://t.me/truesecator/3558
2022-10-13 17:22:33+00:00 | seen | https://t.me/icscert/629...
Vulnerability Spotlight: Multiple issues in Robustel R1510 cellular router could lead to code execution, denial of service
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely. The Robustel R1510 router is a...
CVE-2022-33329
Robustel R1510 OS command injection (CVE-2022-33329) exists in the web server ajax endpoints, including /ajax/set_sys_time/. The root cause is unsafe handling of user-controlled parameters (via functions like sysprintf and system), enabling arbitrary command execution on the device. Talos documen...