210 matches found
CVE-2024-41444
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so...
WordPress plugin Post Meta Data Manager Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
The vulnerabilities of the functions EVP_PKEY_param_check() and EVP_PKEY_public_check() in the OpenSSL cryptographic library allow an attacker to cause a service failure.
The vulnerability of the EVP_PKEY_param_check() and EVP_PKEY_public_check() functions in the OpenSSL cryptographic library is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
EulerOS Virtualization 3.0.6.0 : shim (EulerOS-SA-2024-1706)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to...
AZL-78534 CVE-2024-4603 affecting package openssl-fips-provider 3.1.2-1
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
CVE-2024-32326
TOTOLINK EX200 V4.0.3c.7646B20201211 contains a cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function...
WordPress Plugin WP ERP Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15686 · WordPress · Wp Erp
Name of the Vulnerable Software and Affected Versions: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress versions up to, and including, 1.12.9 Description: The issue is related to Stored Cross-Site Scripting via the api key parameter...
ZhiCms SQL Injection Vulnerability
ZhiCms is a professional worth-buying system of ZhiCms community. ZhiCms version 4.0 has a SQL injection vulnerability that stems from the parameter key of the file app/index/controller/mcontroller.php that causes SQL injection...
PandaX SQL Injection Vulnerability
PandaX is an open source, Go-language low-code development framework for enterprise IoT platforms. An SQL injection vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the fact that incorrect manipulation of the parameter roleKey can lead to sql...
WordPress Plugin RSS Aggregator by Feedzy Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-17937 · WordPress · The Rss Aggregator By Feedzy – Feed To Post
Name of the Vulnerable Software and Affected Versions: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress versions up to, and including, 4.4.2 Description: The issue is related to SQL Injection via the search key parameter due to...
Tenda AX1803 Security Vulnerability
Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. A security vulnerability exists in the Tenda AX1803 v.1.0.0.1, which stems from the presence of a buffer overflow vulnerability. An attacker can exploit the vulnerability to execute arbitrary code via the wpapskcrypto parameter of...
CVE-2023-40923
MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and savesetting parameters...
SQL injection
MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and savesetting parameters...
CVE-2023-40833
An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting...
IceCMS Security Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation by NgShow individual developers. A security vulnerability exists in IceCMS v.1.0.0, which originated from allowing an attacker to gain privileges via the Id and key parameters in getCosSetting...
PT-2023-27661 · Thecosy · Thecosy Icecms
Name of the Vulnerable Software and Affected Versions: Thecosy IceCMS version 1.0.0 Description: The issue allows a remote attacker to gain privileges. This is achieved via the Id and key parameters in the getCosSetting function. Recommendations: For Thecosy IceCMS version 1.0.0, consider...