58 matches found
CVE-2023-49152
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Labs64 Credit Tracker allows Stored XSS.This issue affects Credit Tracker: from n/a through 1.1.17...
Linux Distros Unpatched Vulnerability : CVE-2022-49152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xascreaterange when multi-order entry present If there is already an entry prese...
CVE-2025-49152 Insufficient Session Expiration in MICROSENS NMP Web+
The affected products contain JSON Web Tokens JWT that do not expire, which could allow an attacker to gain access to the system...
CVE-2025-49152
CVE-2025-49152 affects MICROSENS NMP Web+ where issued JWTs do not expire, enabling potential unauthenticated access. Connected documents confirm that tokens can be forged or used to bypass authentication, potentially allowing file overwrites or arbitrary code execution in affected products. Affe...
CVE-2025-49152 Insufficient Session Expiration in MICROSENS NMP Web+
The affected products contain JSON Web Tokens JWT that do not expire, which could allow an attacker to gain access to the system...
CVE-2025-49152
creationtimestamp| type| source ---|---|--- 2025-06-24 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07 2025-06-25 16:47:32+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19477 2025-06-25 20:24:49+00:00| seen|...
CVE-2022-49152
In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xascreaterange when multi-order entry present If there is already an entry present that is of order = XACHUNKSHIFT when we call xascreaterange, xascreaterange will misinterpret that entry as a node and dereference...
CVE-2022-49152
In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xascreaterange when multi-order entry present If there is already an entry present that is of order = XACHUNKSHIFT when we call xascreaterange, xascreaterange will misinterpret that entry as a node and dereference...
CVE-2022-49152
In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xascreaterange when multi-order entry present If there is already an entry present that is of order = XACHUNKSHIFT when we call xascreaterange, xascreaterange will misinterpret that entry as a node and dereference...
CVE-2022-49152 XArray: Fix xas_create_range() when multi-order entry present
In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xascreaterange when multi-order entry present If there is already an entry present that is of order = XACHUNKSHIFT when we call xascreaterange, xascreaterange will misinterpret that entry as a node and dereference...
CVE-2022-49152
CVE-2022-49152 affects the Linux kernel XArray feature, specifically the xas_create_range() path. When an existing entry with order >= XA_CHUNK_SHIFT is present, xas_create_range() can misinterpret it as a node and dereference xa_node->parent, potentially causing a crash (general protection...
CVE-2022-49152
In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xascreaterange when multi-order entry present If there is already an entry present that is of order = XACHUNKSHIFT when we call xascreaterange, xascreaterange will misinterpret that entry as a node and dereference...
Supermicro Onboard IPMI Port 49152 Sensitive File Exposure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Supermicro Onboard IPMI Port 49152 Sensitive File Exposure', 'Description' = %q This module abuses a file exposure vulnerability...
CVE-2023-49152
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Labs64 Credit Tracker allows Stored XSS.This issue affects Credit Tracker: from n/a through 1.1.17...
CVE-2023-49152
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Labs64 Credit Tracker allows Stored XSS.This issue affects Credit Tracker: from n/a through 1.1.17...
CVE-2023-49152
CVE-2023-49152 affects Labs64 WordPress Credit Tracker (Credit Tracker plugin) up to version 1.1.17. Root cause: improper neutralization of input during web page generation, enabling Stored XSS. Impact: stored cross-site scripting could affect users accessing injected content; CVSS v3.1 base scor...
WordPress Credit Tracker Plugin <= 1.1.17 is vulnerable to Cross Site Scripting (XSS)
Software Credit Tracker Type Plugin Vulnerable versions = 1.1.17 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49152 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d02d7a19b39d Credits Ngô Thiên An ancorn from VNPT-VCI Requir...
CVE-2022-30521
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters...
CVE-2022-30521
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters...
Stack overflow
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters...