29 matches found
CVE-2026-9452
A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...
CVE-2026-9452 FoundDream miniclawd exec.ts ExecTool.execute os command injection
A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...
MINI-9452-JV4G-C4F4
Bulletin has no description...
CVE-2025-9452
creationtimestamp | type | source
---|---|---
2025-12-16 13:47:06+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115729552193462662
2025-12-17 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-1120/...
CVE-2017-9452
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter...
RockyLinux 9 : pcp (RLSA-2024:9452)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9452 advisory. pcp: pmpost symlink attack allows escalating pcp to root user CVE-2024-45770 pcp: pmcd heap corruption through metric pmstore operations CVE-2024-45769...
CVE-2024-9452 Branding <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inje...
WordPress Branding Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Branding Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9452 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9a460029372b Credits Francesco Carlucci Required privile...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9452)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9452 advisory. - KVM: do not allow mapping valid but non-reference-counted pages Nicholas Piggin Orabug: 33054089 CVE-2021-22543 CVE-2021-22543 - Input: joydev -...
CVE-2020-9452
An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine...
CVE-2020-9452
CVE-2020-9452 affects Acronis True Image 2020 (v24.5.22510). The issue resides in anti_ransomware_service.exe’s quarantine functionality, which can copy a suspected ransomware file between directories with SYSTEM privileges. Unprivileged users have write access in the quarantine folder, enabling ...
CVE-2015-9452
creationtimestamp | type | source
---|---|---
2019-10-08 15:49:28+00:00 | seen | https://t.me/cibsecurity/7270...
CVE-2015-9452
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nexformsId parameter...
CVE-2015-9452
CVE-2015-9452 affects the WordPress plugin nex-forms-express-wp-form-builder prior to version 4.6.1, with an SQL injection vulnerability exploitable via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. The issue is documented across multiple sources; CVSS shows high to critical ...
CVE-2019-9452
CVE-2019-9452 affects the Android kernel, specifically the SEC_TS touch driver. The issue is an out-of-bounds read caused by a missing bounds check, leading to local information disclosure with System execution privileges required. Exploitation does not require user interaction. The provided conn...
CVE-2018-9452
CVE-2018-9452 affects the Android Framework, tied to getOffsetForHorizontal in Layout.java, causing a possible application hang/DoS from wide inputs with hidden Unicode characters. The issue affects Android 7.0–9.0 and requires user interaction for exploitation; patches were issued for the 2018-1...
Security Bulletin: Multiple vulnerabilities in Drupal Core affect IBM API Management (CVE-2016-9449, CVE-2016-9450, CVE-2016-9451, CVE-2016-9452)
Summary Drupal is used by the Advanced Developer Portal in IBM API Management. IBM API Management has updated the level of Drupal it provides to address the applicable CVEs. Vulnerability Details CVEID: CVE-2016-9449 DESCRIPTION: Drupal Core could allow a remote authenticated attacker to obtain...
CVE-2017-9452
CVE-2017-9452 describes a cross-site scripting (XSS) vulnerability in the Piwigo web photo gallery. The issue is in the admin.php handler where the parameter page can be manipulated to inject arbitrary script or HTML. Affected software: Piwigo 2.9.0 and earlier. Impact: remote attackers could exe...
mtb.com XSS vulnerability
Vulnerable URL: https://www.mtb.com/search?k=%22%2D%2D%3E%20%3C%2Fscript%3E%3Csvg%2Fonload%3D%27%3Balert%28document%2Ecookie%29%3B%27%3E

Details:

Description | Value
---|---
Patched: | Yes, at 25.11.2017
Latest check for patch: | 25.11.2017 10:22 GMT
Vulnerability type: | XSS
Vulnerability status: | ...