116 matches found
CVE-2025-31089
CVE-2025-31089 involves Order Splitter for WooCommerce. The vulnerability is an SQL Injection in the plugin, reported as affecting Order Splitter for WooCommerce versions up to and including 5.3.0. Root cause: improper neutralization of input elements used in SQL commands. Exploitation requires a...
CVE-2025-31089 WordPress Order Splitter for WooCommerce plugin <= 5.3.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fahad Mahmood Order Splitter for WooCommerce woo-order-splitter allows SQL Injection. This issue affects Order Splitter for WooCommerce: from n/a through <= 5.3.0...
WordPress Order Splitter for WooCommerce plugin <= 5.3.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by LVT-tholv2k in WordPress Plugin Order Splitter for WooCommerce versions <= 5.3.0...
WordPress plugin Order Splitter for WooCommerce SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2025-14407 · Woocommerce · Order Splitter For Woocommerce
Name of the Vulnerable Software and Affected Versions: Order Splitter for WooCommerce versions n/a through 5.3.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
GHSA-7M7H-RGVP-3V4R hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters...
Regular Expression Denial Of Service (ReDoS)
split-html-to-chars is vulnerable to regular expression denial of service. The vulnerability exists in Splitter function in index.js because the html inputs are not properly sanitized due to insufficient regular expression complexity applied when splitting html to letters for animation which allo...
Debian DSA-5165-1 : vlc - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5165 advisory. Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file is...
Royalties do Not Support Fee-On-Transfer Tokens
Vulnerability details. Impact: The RoyaltyVault.sol contract interacts with the Splitter.sol to send accumulated royalties to the collection's respective recipients. The sendToSplitter function will query the balance of the royalty asset and send the amount after fee deductions to the...
One co-creator with a small share can get 100% of the funds in the splitter
Vulnerability details. Impact: One co-creator with a small share can get 100% of the funds by calling the incrementWindow function from an attacker contract that mimics RoyaltyVault. He can then create one or multiple fake windows and claim them to get the full balance of the splitter...
Gas costs will likely result in any fees sent to the Splitter being economically unviable to recover.
Vulnerability details. Impact: Collection owners will likely lose money by claiming fees unless the fees from a single NFT sale outweigh the cost of claiming it (not guaranteed). Proof of Concept: Consider a new Collection with a RoyaltyVault and Splitter set and a nonzero mint fee. Whe...
CVE-2021-38549
MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
CVE-2021-38543
TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
Code injection
TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
Code injection
MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
CVE-2021-38543
The CVE-2021-38543 entry concerns TP-Link UE330 USB splitter devices (up to 2021-08-09) vulnerable to a Glowworm attack. In certain configurations where the device powers audio-output equipment, an attacker can recover speech signals by observing the device’s power-indicator LED with an electro-o...
MIRACASE MHUB500 USB splitters Security Vulnerability
MIRACASE MHUB500 USB splitters is a software application. This tool provides powerful functionality for audio output devices, allowing a remote attacker to retrieve code signaling sensors via oscilloscope and electro-optical from LEDs of connected devices. A security vulnerability in MIRACASE...
Magical Image Splitter for Windows is vulnerable to DLL hijacking.
Magic Image Splitter is software that splits images into multiple image blocks. Magical Image Splitter for Windows has a DLL hijacking vulnerability. An attacker can exploit the vulnerability to load a malicious DLL and execute malicious code...