CVE-2024-10907
CVE-2024-10907 affects lm-sys/fastchat Release v0.2.36. The server fails to handle excessive characters appended to the end of multipart boundaries, allowing an unauthenticated attacker to send malformed multipart requests. Each extra boundary character can be processed in an infinite loop, causi...
PT-2025-12080 · Unknown · Automatic1111/Stable-Diffusion-Webui
Name of the Vulnerable Software and Affected Versions: automatic1111/stable-diffusion-webui version 1.10.0 Description: The software is susceptible to a flaw where the server does not properly manage extra characters added to the end of multipart boundaries. This can be exploited by sending...
Exploit for Improper Access Control in Tastyigniter
Exploit 🛠️ Case Study: CVE-2024-44313 and EPSS in Prioritiza...
Exploit for OS Command Injection in Ivanti Cloud_Services_Appliance
CVE-2024-8190 unauthenticated Description Combining CVE-...
CVE-2024-13478 LTL Freight Quotes – TForce Edition <= 3.6.4 - Unauthenticated SQL Injection
The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropshipeditid' and 'editid' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing S...
CVE-2019-5129
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...
PT-2025-1821 · Woocommerce · Wc Affiliate
Name of the Vulnerable Software and Affected Versions: WC Affiliate – A Complete WooCommerce Affiliate Plugin versions up to, and including, 2.4 Description: The issue is related to Reflected Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allow...
CVE-2024-9208 Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting
The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrar...
PT-2024-16883 · WordPress · Ebook Store
Name of the Vulnerable Software and Affected Versions: Ebook Store plugin for WordPress versions up to, and including, 5.8001 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This allows unauthenticated...
ProjectSend R1605 Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploadin...
CVE-2024-8359
Visteon Infotainment REFLASHDDUFindFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability...
CVE-2024-11143
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the updateassistant, addnewassistant, and deleteassistant functions. This makes it possible for...
CVE-2024-9614
The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2024-20299
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow throu...
Siemens SIMATIC Security Vulnerability
The S7-200 SMART series is a series of miniature programmable logic controllers that control a variety of small automation applications. A denial of service vulnerability exists in Siemens SIMATIC S7-200 SMART Devices due to a failure of an affected device to properly handle incorrectly structure...
CVE-2024-20486
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...
CVE-2023-35727
D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
OpenJDK: long Exception message leading to crash (8319851)
A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...
Medium: java-11-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability...
CVE-2023-48298
An integer underflow vulnerability in the FPC compression codec. An attacker can use it to cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has been pushed to the following open-source versions: v23.10.4.25, v23.9.5.29,...