18 matches found
EUVD-2025-36749
Malicious code in xo-tracking npm...
MAL-2025-36749 Malicious code in testwaseempoi (npm)
The package testwaseempoi was found to contain malicious code...
CVE-2022-36749
RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file...
CVE-2023-36749
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...
CVE-2023-36749
Siemens RUGGEDCOM ROX family is affected by CVE-2023-36749 due to use of insecure TLS 1.0 in the webserver, enabling potential man-in-the-middle attacks with data confidentiality and integrity impact. Affected devices include ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, R...
CVE-2020-36749
The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a...
CVE-2020-36749 Easy Testimonials <= 3.6.1 - Cross-Site Request Forgery Bypass
The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a...
CVE-2020-36749
CVE-2020-36749 affects the Easy Testimonials WordPress plugin (versions up to 3.6.1). The root cause is missing or incorrect nonce validation in saveCustomFields(), enabling CSRF so that unauthenticated attackers could save custom fields by tricking an administrator. Impact is unauthenticated arb...
CVE-2022-36749
creationtimestamp| type| source
---|---|---
2022-08-31 02:36:06+00:00| seen| https://t.me/cibsecurity/49090...
CVE-2022-36749
RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file...
CVE-2022-36749
RPi-Jukebox-RFID v2.3.0 is affected by a command injection vulnerability in the /htdocs/utils/Files.php component. The issue is triggered by a crafted payload embedded in the file name of an uploaded file, enabling potential arbitrary code execution. CVSS 3.1 base score is 9.8 (CRITICAL) with net...
CVE-2022-36749
RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file...
Exploit for Incorrect Authorization in Apache Druid
CVE-2021-36749 Apache Druid arbitrary file read. Affected versions: version = 0.21.1 ...
org.apache.druid.extensions:druid-protobuf-extensions (>=0.18.0 <=0.21.1) potentially affected by CVE-2021-36749 via org.apache.druid:druid-core (>=0.18.0 <=0.21.1)
org.apache.druid:druid-core MAVEN version =0.18.0, =0.18.0, =0.21.1 Source cves: CVE-2021-36749 Source advisory: OSV:GHSA-9P5G-VG43-MJ5R...
CVE-2021-36749
creationtimestamp| type| source
---|---|---
2021-09-24 14:30:38+00:00| seen| https://t.me/cibsecurity/29357
2021-10-16 14:21:17+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/4533...
CVE-2021-36749
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
CVE-2021-36749 Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920)
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
CVE-2021-36749
Apache Druid CVE-2021-36749 describes an information-disclosure/reading-via-HTTP InputSource issue in the Druid ingestion system. The HTTP InputSource context permits authenticated users to read data from sources other than intended (for example, local files) with the privileges of the Druid serv...