23 matches found
CVE-2025-6897
creationtimestamp | type | source
---|---|---
2025-06-30 07:56:13+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/19906
2025-06-30 10:58:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lssznsrizb25
2025-06-30 20:26:57+00:00 | seen | ...
CVE-2025-6897
CVE-2025-6897 affects D-Link DI-7300G+ (firmware 19.12.25A1). The vulnerability is in httpd_debug.asp; manipulating the Time parameter enables os command injection. Public exploitation evidence exists (POC/poisoned claims in multiple sources) with impacts on confidentiality, integrity and availab...
CVE-2025-6897 D-Link DI-7300G+ httpd_debug.asp os command injection
A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used...
CVE-2023-6897
The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2023-6897
creationtimestamp | type | source
---|---|---
2025-02-11 21:12:28+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3915
2025-02-14 10:04:00+00:00 | seen | Telegram/74yY4VWKWIh9XMufFyMuLZd-JJJtcTFV5mZovtB38fMkQM...
WordPress aThemes Starter Sites Plugin <= 1.0.53 is vulnerable to Cross Site Scripting (XSS)
Software: aThemes Starter Sites; Type: Plugin; Vulnerable versions: <= 1.0.53; Fixed in: 1.0.54; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6897; Patch priority: Low; CVSS severity: Low (5.9); PSID: 14d453143684; Credits: wesley wcraft...
CVE-2024-6897 aThemes Starter Sites <= 1.0.53 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The aThemes Starter Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Ghostscript vulnerabilities (USN-6897-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6897-1 advisory. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue t...
WordPress EAN for WooCommerce Plugin <= 4.9.2 is vulnerable to Insecure Direct Object References (IDOR)
Software: EAN for WooCommerce; Type: Plugin; Vulnerable versions: <= 4.9.2; Fixed in: 4.9.3; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-6897; Patch priority: Low; CVSS severity: Low (4.3); PSID: 7bcaa4f06d9a; Credits: Francesco...
CVE-2020-6897
CVE-2020-6897 entry is rejected and not associated with any vulnerability during 2020.
CVE-2020-6897
...
CVE-2015-6897
...
CVE-2016-6897
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer...
CVE-2016-6897
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer...
CVE-2016-6897
CVE-2016-6897 describes a CSRF vulnerability in WordPress up to version 4.5.x affecting the wp_ajax_update_plugin handler in wp-admin/includes/ajax-actions.php. The issue arises from a late check_ajax_referer call, enabling remote attackers to hijack subscribers’ authentication for /dev/random re...
CVE-2016-6897
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer...
WordPress 4.5.3 - Directory Traversal Denial of Service
WordPress 4.5.3 - Directory Traversal Denial of Service. Path traversal vulnerability in WordPress Core Ajax handlers. Abstract: A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user (Subscriber) to...
CVE-2016-6897
creationtimestamp | type | source
---|---|---
2016-08-22 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/40288
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/wordpressdirectorytraversaldos.rb
2025-02-06...
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
Path traversal vulnerability in WordPress Core Ajax handlers. Abstract: A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user (Subscriber) to create a denial of service condition of an affected...
CVE-2014-6897
The Skyrim Map (aka com.neko.skyrimmap) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...