36088 matches found
CVE-2024-6159
The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2025-47948
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
CVE-2025-47948
Cocotais Bot (QQ bot framework) has a command-echo vulnerability. In versions 1.5.0-test2-hotfix through 1.6.1, an unauthenticated user can abuse /echo to trigger privileged behavior by injecting platform tags, causing the bot to mention all chat members and bypassing permissions. The issue stem...
CVE-2025-47948 Cocotais Bot has builtin .echo command injection
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
CVE-2025-48127
Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app push-notification-mobile-and-web-app allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push notification for Mobile and Web app: from n/a through = 2.0.3...
CVE-2025-48127
CVE-2025-48127 is a Missing Authorization vulnerability in the WordPress plugin Push notification for Mobile and Web app , caused by misconfigured access control. Affected versions are listed as “from n/a through 2.0.3” (no public product/version details provided). The CVSS vector (AV:N/AC:L/PR:N...
WordPress Push notification for Mobile and Web app plugin <= 2.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ch4r0n in WordPress Plugin Push notification for Mobile and Web app versions = 2.0.3...
WordPress plugin Push notification for Mobile and Web app 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2025-21727 · Unknown · App Cheap Push Notification
Name of the Vulnerable Software and Affected Versions: App Cheap Push notification for Mobile and Web app versions n/a through 2.0.3 Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels...
CVE-2025-0921
CVE-2025-0921 describes an execution with unnecessary privileges vulnerability in Mitsubishi Electric GENESIS64 (and related ICONICS GENESIS64/GENESIS32/BizViz/MC Works64) across multiple versions. The root cause is an unauthorized write to arbitrary files via symbolic links created by a write de...
CVE-2025-0921 Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz
Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian version...
CVE-2025-0921 Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz
Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian version...
CVE-2024-6159
The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2024-6159
The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2024-6159 Push Notification for Post and BuddyPress <=1.93 - Multiple Unauthenticated SQLi
The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2024-6159 Push Notification for Post and BuddyPress <=1.93 - Multiple Unauthenticated SQLi
The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2024-6159
The CVE-2024-6159 issue affects the WordPress plugin Push Notification for Post and BuddyPress, vulnerable in all versions prior to 1.9.4 (≤1.93). The root cause is insufficient escaping/sanitization of user-supplied parameters in an AJAX action accessible to unauthenticated users, enabling SQL i...
WordPress plugin Push Notification for Post and BuddyPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
GHSA-CPH2-466C-3F87
creationtimestamp| type| source ---|---|--- 2025-05-14 15:26:47+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114506885070033703...