28 matches found
CVE-2026-7717
A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...
MAL-2025-7717 Malicious code in @crabas0npm2/sequi-architecto-atque (npm)
The package @crabas0npm2/sequi-architecto-atque was found to contain malicious code...
CVE-2025-7717
Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing. This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0 before 2.0.1...
CVE-2025-7717
creationtimestamp | type | source
---|---|---
2025-07-22 14:32:48+00:00 | seen | Telegram/XXGGxBqFSPAqvLKZW3DfXKx3u8StI-Bj8Xeiz-U5FjuJTA...
CVE-2025-7717
CVE-2025-7717 is a Missing Authorization vulnerability in the Drupal File Download module. The issue allows forceful browsing to access protected files due to insufficient access control. Affected versions are Drupal File Download 0.0.0–1.8.9 and 2.0.0 (inclusive); versions before 1.9.0 and befor...
CVE-2025-7717 File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089
Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing. This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0 before 2.0.1...
WordPress WP Events Manager Plugin <= 2.1.11 is vulnerable to SQL Injection
Software: WP Events Manager; Type: Plugin; Vulnerable versions: <= 2.1.11; Fixed in: 2.2.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-7717; Patch priority: High; CVSS severity: High 8.5; PSID: 8f6af9be273e; Credits: Arkadiusz Hydzik; Required privilege: Subscribe...
CVE-2024-7717
creationtimestamp | type | source
---|---|---
2024-08-31 11:42:50+00:00 | seen | https://t.me/cvedetector/4570...
CVE-2024-7717 WP Events Manager <= 2.1.11 - Authenticated (Subscriber+) Time-Based SQL Injection
The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
@decentverse/server (>=0.0.1 <=0.0.148), @swapscanner/truffle-hdwallet-provider-klaytn (=1.4.2) +18 more potentially affected by CVE-2020-7717 via dot-notes (>=1.1.1 <=3.1.1)
dot-notes NPM version =1.1.1, =0.0.1, =1.0.0, =1.0.0, =1.0.1, =1.4.0, =1.0.0, =1.6.4, =0.3.1, =0.0.1, =1.0.0, =0.0.1, =0.1.1 and more Source cves: CVE-2020-7717 Source advisory: OSV:GHSA-QR4M-JCVC-3382...
CVE-2020-7717
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...
CVE-2020-7717 Prototype Pollution
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...
CVE-2020-7717
CVE-2020-7717 affects the npm package dot-notes. The connected documents clearly describe a prototype pollution flaw in the create function, enabling an attacker to inject properties into object prototypes. The scope covers versions prior to 3.2.1, with remediation recommending an update to 3.2.1...
@decentverse/server (>=0.0.1 <=0.0.148), @swapscanner/truffle-hdwallet-provider-klaytn (=1.4.2) +18 more potentially affected by CVE-2020-7717 via dot-notes (=3.1.1)
dot-notes NPM version =3.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on dot-notes and may be impacted: - @decentverse/server =0.0.1, =1.0.0, =1.0.0, =1.0.1, =1.4.0, =1.0.0, =1.6.4, =0.0.1, =1.0.0, =0.0.1, =0.1.1 and more Source cves: CVE-2020-7717...
CVE-2018-7717
The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended SIGE extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1...
CVE-2018-7717
The CVE-2018-7717 vulnerability affects the Joomla! extension Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3, where the function htmlImageAddTitleAttribute in sige.php allows XSS via a crafted image header (Caption-Abstract header in a JPEG). The issue is exploited by manipulating image p...