123 matches found
CVE-2023-54350
WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...
CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated
WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...
EUVD-2023-60581
WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...
CVE-2023-54350
Affected software: WordPress Augmented-Reality plugin. Vulnerability: remote code execution via the elFinder connector. Access/Impact: unauthenticated attackers can upload and execute arbitrary PHP files on the server. How it is exploited: POST to connector.minimal.php with mkfile and put commands to...
PT-2026-47232
WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...
WordPress 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On versions <= 2.0.1...
Apple Multiple Products Security Vulnerability
Apple iOS and the other systems named here are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple VisionOS is an operating system designed for AR glasses. Several Apple products have security...
UNSEEN: A Cross-Stack LLM Unlearning Defense against AR-LLM Social Engineering Attacks
Emerging AR-LLM-based social engineering attacks (e.g., SEAR) are on the verge of posing great threats to real-world social life. In such an AR-LLM-SE attack, the attacker can leverage AR (Augmented Reality) glasses to capture the image and vocal information of the target, using the LLM to identify the targe...
XREAL Nebula App Security Vulnerability
The XREAL Nebula App is an application designed for XREAL’s augmented reality devices. Versions of the XREAL Nebula App 3.2.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper handling of parameters such as accessKey, secretAccessKey, and securityToken in...
CVE-2021-31882
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to...
EUVD-2025-179812
Malicious code in ceres-augmentedreality-iota-transport npm...
EUVD-2025-180245
Malicious code in augmentedreality-frontend-cz-conventional-changelog-neptunology npm...
EUVD-2025-179333
Malicious code in deneb-multiverse-augmentedreality-phoenix npm...
EUVD-2025-179016
Malicious code in europa-augmentedreality-redgiant-halley npm...
EUVD-2025-175601
Malicious code in webdriver-mocha-scripts-hadron-augmentedreality npm...
EUVD-2025-180065
Malicious code in biohacking-release-it-augmentedreality-janus npm...
MAL-2025-185643 Malicious code in augmentedreality-frontend-cz-conventional-changelog-neptunology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f8670d124ec65024366529e678d71c9c6e75aef3c338716d5991bb1f5d1af36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...