CVE-2026-7084 HBAI-Ltd Toonflow-app getCodeByLink Endpoint getCodeByLink.ts fetch server-side request forgery

A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The manipulation of the argument Link results in server-side request forgery. The attack may be...

CVE-2025-7084

A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. This vulnerability affects the function formWpsStart of the file /goform/formWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The attack can be...

CVE-2025-7084

creationtimestamp| type| source ---|---|--- 2025-07-06 17:24:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltcrzc25pf2a...

CVE-2019-7084

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution...

Ubuntu: Security Advisory (USN-7084-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : pip vulnerability (USN-7084-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7084-2 advisory. USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3...

CVE-2024-7084

creationtimestamp| type| source ---|---|--- 2024-08-06 09:09:06+00:00| seen| https://t.me/cvedetector/2534...

CVE-2024-7084

The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks...

WordPress Ajax Search Lite Plugin < 4.12.1 is vulnerable to Cross Site Scripting (XSS)

Software Ajax Search Lite Type Plugin Vulnerable versions 4.12.1 Fixed in 4.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7084 Patch priority Low CVSS severity Low 5.9 Developer WPdreams PSID 325c5ede1534 Credits Krugov Artyom Required privile...

CVE-2023-7084

creationtimestamp| type| source ---|---|--- 2024-02-02 21:16:42+00:00| seen| https://t.me/ctinow/178270 2025-06-20 17:46:26+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19011...

CVE-2023-7084

The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks...

CVE-2023-7084 Voting Record <= 2.0 - Subscriber+ Stored XSS

The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks...

CVE-2023-7084 Voting Record <= 2.0 - Subscriber+ Stored XSS

The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks...

CVE-2023-7084

CVE-2023-7084 affects the Voting Record WordPress plugin up to version 2.0. It enables Stored XSS via authenticated users (e.g., subscribers) due to missing sanitisation and escaping in the voting data handling. The Wordfence Intelligence entry notes an unpatched status for this vulnerability, an...

WordPress Voting Record Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Voting Record Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7084 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4244145376c3 Credits Daniel Ruf Required...

Siemens SCALANCE W1750D Command Injection (CVE-2018-7084)

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete...

Security Updates for Microsoft Office Products C2R (March 2020)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabili...

CVE-2020-7084

The CVE-2020-7084 issue affects the Autodesk FBX-SDK library prior to (and including) 2019.x; multiple sources describe a NULL pointer dereference in the FBX SDK that can lead to application denial of service. The Nessus/OpenVAS entries specify the vulnerable range as FBX-SDK versions

Security Updates for Microsoft Office Products (March 2020)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabili...

CVE-2019-7084

creationtimestamp| type| source ---|---|--- 2019-05-24 19:48:15+00:00| seen| https://t.me/cvemitreorg/341...