55 matches found
CVE-2026-9374
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...
CVE-2026-9374 yangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted upload
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...
CVE-2018-9374
In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
MAL-2025-9374 Malicious code in @supernpm2024/nam-mollitia-assumenda-in (npm)
The package @supernpm2024/nam-mollitia-assumenda-in was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2016-9374
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This...
Linux Distros Unpatched Vulnerability : CVE-2017-9374
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory leak in QEMU aka Quick Emulator, when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service memory...
CVE-2018-9374
In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2018-9374
In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2018-9374
CVE-2018-9374 affects Android’s PackageManagerService.java, specifically installPackageLI, enabling a possible permissions bypass that could lead to local elevation of privilege. Exploitation would require local user privileges with no user interaction, per the CVE description. The issue is liste...
CVE-2024-9374
creationtimestamp| type| source ---|---|--- 2024-10-24 08:27:20+00:00| seen| https://t.me/cvedetector/8774...
CVE-2024-9374 Terms descriptions <= 3.4.6 - Reflected Cross-Site Scripting
The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-9374 Terms descriptions <= 3.4.6 - Reflected Cross-Site Scripting
The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WordPress Terms descriptions Plugin <= 3.4.6 is vulnerable to Cross Site Scripting (XSS)
Software Terms descriptions Type Plugin Vulnerable versions = 3.4.6 Fixed in 3.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9374 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8fca607d99fe Credits vgo0 Required...
CGA-7FV5-FQ67-9374
Bulletin has no description...
SUSE CVE-2016-9374
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable...
CVE-2020-9374
creationtimestamp| type| source ---|---|--- 2022-12-11 18:43:05+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/727...
Mageia: Security Advisory (MGASA-2015-0010)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2946-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:1795-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
TP-Link TL-WR849N Routers Remote Code Execution (CVE-2020-9374)
A command execution vulnerability exists in Tplink tlwr849n firmware 0.9.1 4.16. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...