39 matches found
CVE-2025-6941

creationtimestamp | type | source
---|---|---
2025-09-30 04:59:17+00:00 | seen | Telegram/sirgyuOg6Fu2AHz3yq1MraqsAWwWc7Z7z3FYV6btJ6pKquo...

WordPress LatePoint plugin <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin LatePoint versions <= 5.1.94...
Ubuntu 24.04 LTS : Python vulnerability (USN-6941-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6941-1 advisory. It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered private or globally reachable. Th...
CVE-2024-6941

creationtimestamp | type | source
---|---|---
2024-07-21 09:11:15+00:00 | seen | https://t.me/cvedetector/1298...

CVE-2024-6941 ThinkSAAS do.php cross site scripting
A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument sitetitle/sitesubtitle/sitekey/sitedesc/siteurl/siteemail/siteicp leads to cross site scriptin...
CVE-2023-6941

creationtimestamp | type | source
---|---|---
2024-01-15 17:27:40+00:00 | seen | https://t.me/ctinow/168476
2024-01-19 23:17:05+00:00 | seen | https://t.me/ctinow/170449
2024-02-03 14:21:16+00:00 | seen | https://t.me/ctinow/178553...

CVE-2023-6941 Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS
The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example, in multisite set...
CVE-2023-6941
The CVE concerns the Keap Official Opt-in Forms WordPress plugin, affected versions 1.0.11 and earlier. The vulnerability is Admin+ Stored XSS caused by insufficient sanitisation/escaping of settings (e.g., Opt in title, message, success text), which can execute scripts in the context of high-pri...
USN-4769-1: Salt vulnerabilities
It was discovered that Salt allowed remote attackers to write to arbitrary files via a specially crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563) Andreas Stieger discovered that Salt...
Synology Router Manager Information Disclosure Vulnerability (CNVD-2019-08961)
Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. An information disclosure vulnerability exists in the /usr/syno/etc/mount.conf file in Synology SRM versions prior to 1.1.7-6941-2. The vulnerability, which originates from...
Synology Router Manager Information Disclosure Vulnerability (CNVD-2019-08958)
Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. An information disclosure vulnerability exists in SYNO.FolderSharing.List in Synology SRM versions prior to 1.1.7-6941-2. The vulnerability, which originates from errors su...
CVE-2018-13285
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command...
CVE-2018-6941
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS...
CVE-2018-6941
CVE-2018-6941 describes a CSRF vulnerability in NAT32 v2.2 Build 22284 HTTPD that can enable Remote Code Execution when an authenticated NAT32 user visits a malicious link or page. Public writeups/PoCs (e.g., Exploit-DB, PacketStorm) illustrate a payload like /shell?cmd= and document that no chec...
NAT32 2.2 Build 22284 - Cross-Site Request Forgery Vulnerability
Exploit for windows platform in category web applications + Credits: hyp3rlinx Vendor: ============= www.nat32.com Product: =========== NAT32 Build 22284 NAT32® is a versatile IP Router implemented as a WIN32 application. Vulnerability Type: =================== Remote Command Execution CSRF CVE...
NAT32 2.2 Build 22284 - Cross-Site Request Forgery
NAT32 2.2 Build 22284 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Produc...
NAT32 2.2 Build 22284 - Cross-Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product: =========== NAT32 Build 22284 NAT32® is a...
NAT32 Build 22284 Remote Command Execution / CSRF
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product: =========== NAT32 Build 22284 NAT32® is a...
tophotels.ru XSS vulnerability
Vulnerable URL: https://tophotels.ru/auth/login?back=x%22%3E%3CsvG%20onLoad=prompt9%3E

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 6941
VIP website status: | Yes

Coordinated Disclosure Timeline:

Description|...