854 matches found
Dell ECS 安全漏洞
Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.8.1.0 to 3.8.1.7 of Dell ECS, as well as versions prior to 4.3.0.0 of Dell ObjectScale, have security vulnerabilities. These vulnerabilities stem from a certification bypass in Geo replication, whic...
WordPress Geo Mashup plugin <= 1.13.19 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Geo Mashup versions = 1.13.19...
WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability
Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions = 1.13.18...
WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability
Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions = 1.13.18...
WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability
Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions = 1.13.18...
CVE-2026-6457
The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geomashupnullfields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-4061
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...
CVE-2026-4062
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...
CVE-2026-4060
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...
CVE-2026-42367
A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability...
EUVD-2026-26857
Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...
CVE-2026-7161
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...
CVE-2026-4061
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...
CVE-2026-4062
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...
CVE-2026-4060
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...
CVE-2026-4062 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...
CVE-2026-4061 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'map_post_type' Parameter
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...
CVE-2026-4061
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...
CVE-2026-4062 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...
EUVD-2026-26779
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...