665 matches found
CVE-2024-31802
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code...
Surge in QR Code Phishing Attacks, Hits Chinese Citizens
...
CVE-2024-38277
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
May 29, 2024—KB5037853 (OS Builds 22621.3672 and 22631.3672) Preview
May 29, 2024—KB5037853 OS Builds 22621.3672 and 22631.3672 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow...
CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...
CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...
Event Registration System SQL注入漏洞
Event Registration System is a QR code based event registration system by Carlo Montero, a personal developer. An SQL injection vulnerability exists in Event Registration System version 1.0, which is caused by the presence of an unknown function in /registrar/ that leads to SQL injection via the...
endroid/qr-code-bundle File Disclosure via logo_path query parameter
Versions of endroid/qr-code-bundle prior to 3.4.2 are affected by a security vulnerability that allows disclosure of files through the logopath query parameter. The vulnerability arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure...
GHSA-MVF6-3F2G-XFXF endroid/qr-code-bundle File Disclosure via logo_path query parameter
Versions of endroid/qr-code-bundle prior to 3.4.2 are affected by a security vulnerability that allows disclosure of files through the logopath query parameter. The vulnerability arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure...
You get a passkey, you get a passkey, everyone should get a passkey
Microsoft is rolling out passkey support for all consumer accounts. Passkeys are a very secure replacement for passwords that cant be cracked, guessed or phished, and let you log in easily, without having to type a password every time. After enabling them in Windows 11 last year, Microsoft accoun...
QR Code Composer < 2.0.4 - Subscriber+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
CVE-2024-32560
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sharabindu QR Code Composer allows Stored XSS.This issue affects QR Code Composer: from n/a through 2.0.3...
CVE-2024-32560 WordPress QR Code Composer plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sharabindu QR Code Composer allows Stored XSS.This issue affects QR Code Composer: from n/a through 2.0.3...
CVE-2024-32560 WordPress QR Code Composer plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sharabindu QR Code Composer allows Stored XSS.This issue affects QR Code Composer: from n/a through 2.0.3...
CVE-2024-32560
CVE-2024-32560 is a Stored XSS in QR Code Composer (Sharabindu) for WordPress. Affected: QR Code Composer up to version 2.0.3. The issue stems from improper input handling in web page generation. A patch is available (patched in Wordfence entries); remediation is to upgrade to the patched version...
WordPress Plugin QR Code Composer 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress QR Code Composer plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin QR Code Composer versions = 2.0.3...
WordPress QR Code Composer Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software QR Code Composer Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32560 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b079e25db67 Credits stealthcopter Required privileg...
CVE-2024-3797
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the argument bookmark leads to sql injection. The attack can be initiated...
CVE-2024-3797 SourceCodester QR Code Bookmark System sql injection
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the argument bookmark leads to sql injection. The attack can be initiated...