35 matches found
CVE-2023-40457
The BGP daemon in Extreme Networks ExtremeXOS aka EXOS 30.7.1.1 allows an attacker who is not on a directly connected network to cause a denial of service BGP session reset because of BGP attribute error mishandling for attribute 21 and 25. NOTE: the vendor disputes this because it is "evaluating...
CVE-2025-7606
A vulnerability classified as critical has been found in code-projects AVL Rooms 1.0. This affects an unknown part of the file /city.php. The manipulation of the argument city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...
CVE-2025-7606
CVE-2025-7606 affects AVL Rooms 1.0, with a SQL injection in /city.php triggered by the city parameter. The vulnerability is exploitable remotely and publicly disclosed, prompting immediate attention. Reported by multiple sources (NVD, Red Hat, CVE List) across tooling ecosystems. Root cause cent...
CVE-2025-7606 code-projects AVL Rooms city.php sql injection
A vulnerability classified as critical has been found in code-projects AVL Rooms 1.0. This affects an unknown part of the file /city.php. The manipulation of the argument city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...
CVE-2020-7606
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization...
CVE-2023-40457
Affected software: Extreme Networks ExtremeXOS (EXOS) 30.7.1.1 running BGP daemon. Issue: BGP UPDATE attribute error mishandling for path attributes 21 and 25 can allow a remote attacker (not necessarily on a directly connected network) to trigger a denial-of-service by resetting BGP sessions. Ve...
CVE-2024-7606
creationtimestamp | type | source
---|---|---
2024-08-29 13:42:31+00:00 | seen | https://t.me/cvedetector/4375...
CVE-2024-7606
CVE-2024-7606 (Front End Users, WordPress) stored XSS via the plugin’s shortcodes (user-search) in all versions up to 3.2.28. Exploitation requires authenticated access at contributor level or higher; attacker can inject scripts that execute when other users view the affected page. Publicly avail...
CVE-2024-7606 Front End Users <= 3.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Front End Users Plugin <= 3.2.28 is vulnerable to Cross Site Scripting (XSS)
Software: Front End Users; Type: Plugin; Vulnerable versions: <= 3.2.28; Fixed in: 3.2.29; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7606; Patch priority: Low; CVSS severity: Low (6.5); PSID: 014dbd0a1bc8; Credits: Peter Thaleikis; Requir...
Malicious code in wlwz-2312-7606 (npm)
Source: ghsa-malware a3ddcb3cde7ed0b7860ba0f04e992ccc4cc565ea714af45e8e1fb9f616e1a098 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-860 Malicious code in wlwz-2312-7606 (npm)
Source: ghsa-malware a3ddcb3cde7ed0b7860ba0f04e992ccc4cc565ea714af45e8e1fb9f616e1a098 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Multiple BGP implementations are vulnerable to improperly formatted BGP updates
Overview Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a BGP UPDATE. Instead of ignoring invalid updates they reset the underlying TCP connection for the BGP session and de-peer the router. This is undesirable because a session reset impac...
USN-6323-1: FRR vulnerability
Ben Cartwright-Cox discovered that FRR did not handle RFC 7606 attributes properly. A remote attacker could possibly use this to cause denial of service...
exframe-integration (>=1.0.0 <=1.1.15), test-integration (>=2.0.0 <=2.2.7) potentially affected by CVE-2020-7606 via docker-compose-remote-api (=0.1.4)
docker-compose-remote-api NPM version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on docker-compose-remote-api and may be impacted: - exframe-integration >=1.0.0 <=1.1.15 - test-integration >=2.0.0 <=2.2.7 Source cves: CVE-2020-7606 Source advisory: OSV:GHSA-Q6PJ-JH94-5FPR...
CVE-2020-7606
CVE-2020-7606 affects the package docker-compose-remote-api (0.1.4 and earlier). The root cause is in index.js: the function exec(serviceName, cmd, …) uses the variable serviceName, which can be controlled by users without sanitization, enabling OS command injection. Reported across multipl...
exframe-integration (>=1.0.0 <=1.1.15), test-integration (>=2.0.0 <=2.2.7) potentially affected by CVE-2020-7606 via docker-compose-remote-api (=0.1.4)
docker-compose-remote-api NPM version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on docker-compose-remote-api and may be impacted: - exframe-integration >=1.0.0 <=1.1.15 - test-integration >=2.0.0 <=2.2.7 Source cves: CVE-2020-7606 Source advisory:...