71 matches found
WordPress Assistant for NextGEN Gallery plugin path traversal vulnerability
The WordPress Assistant for NextGEN Gallery plugin is a WordPress plugin that focuses on migrating the image uploading, processing and album management features of NextGEN Gallery from a website/browser to a desktop application running on a more powerful desktop system. The WordPress Assistant fo...
CVE-2025-7641 Assistant for NextGEN Gallery <= 1.0.9 - Unauthenticated Arbitrary Directory Deletion
The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated...
WordPress plugin Assistant for NextGEN Gallery 路径遍历漏洞
The WordPress Assistant for NextGEN Gallery plugin is a WordPress plugin that focuses on migrating the image uploading, processing and album management features of NextGEN Gallery from a website/browser to a desktop application running on a more powerful desktop system. The WordPress Assistant fo...
PT-2025-33459 · Unknown +1 · Nextgen Gallery +1
Name of the Vulnerable Software and Affected Versions: Assistant for NextGEN Gallery plugin for WordPress versions up to and including 1.0.9 Description: The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation i...
WeGIA SQL注入漏洞
WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter cargo in the /controle/control.php endpoint. An attacker can exploit this vulnerability to execute illeg...
PT-2025-27527 · Unknown · Ai-Inference-Server
Name of the Vulnerable Software and Affected Versions: ai-inference-server affected versions not specified Description: A flaw was found in the authentication enforcement mechanism of a model inference API. The issue affects the "/v1/" endpoints, where API key validation is expected but not...
PT-2025-11184 · Tenda · Tenda Rx3
Name of the Vulnerable Software and Affected Versions: Tenda RX3 US RX3V1.0br V16.03.13.11 multi TDE01 Description: The issue is related to a buffer overflow that can be triggered via the schedStartTime and schedEndTime parameters at the "/goform/saveParentControlInfo" API endpoint. This allows...
BIT-GITLAB-2020-15525
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint...
CVE-2024-26135 MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking CSWSH vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...
CVE-2016-3138
The acmprobe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a USB device without both a control and a data endpoint descriptor...
UBUNTU-CVE-2016-3138
The acmprobe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a USB device without both a control and a data endpoint descriptor...