12 matches found
MAL-2025-36750 Malicious code in testzerocool (npm)
The package testzerocool was found to contain malicious code...
CVE-2021-36750
ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users across USB drives sold under multiple brand names...
CVE-2020-36750
The CVE-2020-36750 entry concerns the WordPress EWWW Image Optimizer plugin. Affected component: ewww_ngg_bulk_init() function in versions up to and including 5.8.1. Root cause: insufficient nonce validation leads to a Cross-Site Request Forgery (CSRF). Impact: unauthenticated attackers could tri...
CVE-2020-36750 EWWW Image Optimizer <= 5.8.1 - Cross-Site Request Forgery Bypass
The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewwwnggbulkinit function. This makes it possible for unauthenticated attackers to perform bulk image...
CVE-2023-36750
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...
CVE-2023-36750
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...
CVE-2023-36750
Siemens RUGGEDCOM ROX family (MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) are affected by CVE-2023-36750. The issue is a command injection in the web interface via the software-upgrade URL parameter caused by missing server-side input sanitation. An a...
CVE-2022-36750
creationtimestamp| type| source ---|---|--- 2022-08-11 00:26:34+00:00| seen| https://t.me/cibsecurity/47902...
CVE-2022-36750
CVE-2022-36750 : Clinic’s Patient Management System v1.0 is vulnerable to SQL injection through /pms/update_user.php?id=. The CVSS 3.1 base score is 9.8 (CRITICAL) with network attack vector, low complexity, and no privileges required. Affected component is the update_user endpoint handling the i...
CVE-2021-36750
creationtimestamp| type| source ---|---|--- 2021-12-22 16:18:20+00:00| seen| https://t.me/cibsecurity/34494...
CVE-2021-36750
ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users across USB drives sold under multiple brand names...
CVE-2021-36750
Summary: CVE-2021-36750 affects ENC DataVault prior to 7.2 and VaultAPI v67, where a faulty key derivation process is reported. The described vulnerability enables attackers to determine the passwords of all DataVault users across USB drives branded by multiple vendors. The root cause is describe...