14 matches found
BIQS IT Biqs-drive v1.83 Local File Inclusion
A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...
CVE-2024-39433
In drm service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...
MAL-2025-39433 Malicious code in work-cpu-process-web-web-web-web-web (npm)
The package work-cpu-process-web-web-web-web-web was found to contain malicious code...
CVE-2025-39433
Cross-Site Request Forgery CSRF vulnerability in bekero Bknewsticker bknewsticker allows Stored XSS.This issue affects Bknewsticker: from n/a through = 1.0.5...
CVE-2025-39433 WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in bekero Bknewsticker bknewsticker allows Stored XSS.This issue affects Bknewsticker: from n/a through = 1.0.5...
CVE-2025-39433 WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in bekero Bknewsticker bknewsticker allows Stored XSS.This issue affects Bknewsticker: from n/a through = 1.0.5...
CVE-2025-39433
CVE-2025-39433 : The WordPress plugin Bknewsticker (beKe_ro) suffers a CSRF vulnerability in versions up to and including 1.0.5 that enables a Stored XSS payload. The CVE details (and corroborating Red Hat/patch sources) indicate the impact includes compromised confidentiality, integrity, and ava...
WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by johska Patchstack Alliance in WordPress Plugin Bknewsticker versions = 1.0.5...
CVE-2024-39433
In drm service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...
CVE-2023-39433
Intel CST software prior to version 2.1.10300 is affected by CVE-2023-39433 due to improper access control, enabling an authenticated user to potentially escalate privileges via local access. Affected product: IntelĀ® CST software before 2.1.10300. Root cause: improper access control. Impact: priv...
CVE-2023-39433
Improper access control for some IntelR CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2021-39433
creationtimestamp| type| source ---|---|--- 2021-10-05 00:29:47+00:00| seen| https://t.me/cibsecurity/29938...
CVE-2021-39433
BIQS IT Biqs-drive v1.83 and earlier is affected by a Local File Inclusion (LFI) vulnerability in the file parameter used by download/index.php, allowing an attacker to read arbitrary server files with web-user privileges. The issue is confirmed across multiple sources (CVE-2021-39433 entries and...
lastore-daemon D-Bus Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'lastore-daemon D-Bus Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Deepin Linux systems by using...