45 matches found
CVE-2026-7354 vulnerabilities
Vulnerabilities for packages: chromium...
Linux Distros Unpatched Vulnerability : CVE-2026-7354
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted...
MINI-7354-WGF2-4WHH
Bulletin has no description...
MiracleLinux 8 : openssl-1.1.1k-12.el8_9 (AXSA:2024-7354:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7354:01 advisory. openssl: Excessive time spent checking DH keys and parameters CVE-2023-3446 OpenSSL: Excessive time spent checking DH q parameter value CVE-2023-381...
EUVD-2023-44564
Malicious code in bioql PyPI...
EUVD-2023-44566
Malicious code in bioql PyPI...
MAL-2025-7354 Malicious code in @crabas0npm/ipsum-doloremque-iure (npm)
The package @crabas0npm/ipsum-doloremque-iure was found to contain malicious code...
CVE-2025-7354 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-7354
CVE-2025-7354 affects WordPress sites running the WP Shortcodes Plugin — Shortcodes Ultimate. The vulnerability is a Stored Cross-Site Scripting (XSS) in all versions up to 7.4.2 caused by insufficient input sanitization and output escaping on user-supplied attributes within shortcodes. Exploitat...
CVE-2025-7354 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Plugin Shortcodes vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes Ultimate versions = 7.4.2...
CVE-2024-7354
creationtimestamp| type| source ---|---|--- 2024-09-02 12:12:20+00:00| seen| https://t.me/cvedetector/4611...
CVE-2024-7354
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-3943 Multiple buffer overflow in ZkTeco-based OEM devices
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects...
CVE-2023-3941 Multiple arbitrary file writes in ZkTeco-based OEM devices
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0...
CVE-2023-3940
CVE-2023-3940 involves a Relative Path Traversal affecting ZkTeco-based OEM devices (notably ZAM170-NF-1.8.25-7354-Ver1.0.0 on ProFace X and related Smartec models). Connected sources describe path traversal in relative path handling that can allow an attacker to access arbitrary files on the dev...
CVE-2023-3940 Multiple arbitrary file reads in ZkTeco-based OEM devices
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...
CVE-2023-3939
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...
CVE-2023-3939 Multiple command injection in ZkTeco-based OEM devices
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...