23 matches found
EUVD-2024-2602
Malicious code in bioql PyPI...
CVE-2025-47549
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through <= 4.6.10...
CVE-2025-47549 WordPress BEAF <= 4.6.10 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10...
CVE-2025-47549 WordPress BEAF plugin <= 4.6.10 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through <= 4.6.10...
CVE-2024-43369
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
CVE-2024-43369
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
RichText Field Type security vulnerability
RichText Field Type is an open source application from Ibexa. A security vulnerability exists in RichText Field Type versions prior to 4.6.10 that stems from the validator of RichText Field Type blocking javascript: and vbscript: in links to prevent cross-site scripting attacks. However, this che...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
WordPress Plugin Shariff Wrapper security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Shariff Wrapper Plugin <= 4.6.9 is vulnerable to Cross Site Scripting (XSS)
Software: Shariff Wrapper; Type: Plugin; Vulnerable versions: <= 4.6.9; Fixed in: 4.6.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0966; Patch priority: Low; CVSS severity: Low (6.5); PSID: 32b0d6ace355; Credits: Muhammad Daffa; Required...
WordPress plugin Shariff Wrapper security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
PT-2024-16732 · WordPress · Shariff Wrapper
Name of the Vulnerable Software and Affected Versions: Shariff Wrapper WordPress plugin versions prior to 4.6.10. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example,...
Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Put the following payload in the...
Stormshield Network Security Security Vulnerabilities
Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security that stems from a vulnerability that allows an attacker to make a cookie threshold overflow, which could...
PT-2023-30300 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security (SNS) versions 4.3.13 through 4.3.22; Stormshield Network Security (SNS) versions 4.6.0 through 4.6.9; Stormshield Network Security (SNS) versions 4.7.0 through 4.7.1. Description: An issue was discovered in Stormshield...
starter-public-edition-4 security vulnerability
starter-public-edition-4 is a CodeIgniter-based PHP application for beginners by the individual developer Ivan Tcholakov. A security vulnerability exists in starter-public-edition-4 version 4.6.10 and earlier versions. An attacker exploits the vulnerability to perform cross-site scripting attacks...
Zoom Client < 4.6.10 Windows Installer Vulnerability (ZSB-20001) - Windows
Zoom Client is prone to a vulnerability in the Windows installer.
CVE-2020-6110
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs ...
CVE-2020-6109
CVE-2020-6109 affects Zoom Client prior to 4.6.12 (notably 4.6.10) where a crafted chat message can trigger a path traversal in message processing, allowing arbitrary file write and potential code execution. The vulnerability exists when processing messages (including animated GIFs) sent by a rem...