303 matches found
CVE-2025-39570 WordPress WPCOM Member plugin <= 1.7.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Lomu WPCOM Member wpcom-member allows PHP Local File Inclusion.This issue affects WPCOM Member: from n/a through = 1.7.7...
CVE-2025-30473
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Airflow Common SQL Provider. When using the partition clause in SQLTableCheckOperator as parameter which was a recommended pattern, Authenticated UI User could inject arbitrary SQL command...
CVE-2025-29504
Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification...
PT-2025-14803 · Unknown · Student-Manage
Name of the Vulnerable Software and Affected Versions: student-manage version 1 Description: The issue allows a local attacker to escalate privileges due to insecure permission verification. This is achieved through the unsafe permission verification process. Recommendations: For version 1,...
PT-2025-13671 · Legrand · Legrand Sms Powerview
Name of the Vulnerable Software and Affected Versions: Legrand SMS PowerView versions 1.x Description: A critical issue has been discovered, affecting an unknown functionality. The manipulation of the redirect argument leads to os command injection. The exploit has been publicly disclosed. There ...
Legrand SMS PowerView 安全漏洞
Legrand SMS PowerView is an intelligent power management system from Legrand SMS that allows users to remotely monitor and control power devices via SMS. A security vulnerability exists in Legrand SMS PowerView version 1.x. The vulnerability stems from the fact that incorrect operation of the...
CVE-2024-4023
A stored cross-site scripting XSS vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML fil...
CM Soluces Informatica Auto Atendimento 安全漏洞
CM Soluces Informatica Auto Atendimento is an application from CM Soluces Informatica, Inc. A security vulnerability exists in CM Soluces Informatica Auto Atendimento version 1.x.x, which originates from SQL injection...
CVE-2025-23505 WordPress Pit Login Welcome plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pantho Bihosh Pit Login Welcome pit-login-welcome allows Reflected XSS.This issue affects Pit Login Welcome: from n/a through = 1.1.5...
CVE-2022-2514
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
CVE-2024-56331
CVE-2024-56331 affects Uptime Kuma’s real-browser monitor, enabling Local File Inclusion via file:/// URLs. The vulnerability arises from insufficient server-side validation of the URL input, allowing an authenticated user to trigger the browser to fetch and capture local files (e.g., /etc/passwd...
AZL-54294 CVE-2024-47600 affecting package gstreamer1-plugins-base 1.20.0-3
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the formatchannelmask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the...
CVE-2024-9897
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Malicious code in verida-tech-demos (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ded9af82932dfcd9a6021dbd383ebadc322bdfc63b8c68d1981537b14ab226b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Pimcore includes vulnerable PHPOffice/PhpSpreadsheet
Summary Pimcore 10.6.x and Enterprise 10.6.x versions currently depend on PHPOffice/PhpSpreadsheet version 1.x, which has recently been identified with a security vulnerability CVE-2024-45048. To mitigate this issue, it is recommended to update to the latest version 2.2.2. For more details, pleas...
SNMP Community Login Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/communitystringcollection' require 'metasploit/framework/loginscanner/snmp' class MetasploitModule 'SNMP Community Login Scanner',...
Debian dsa-5724 : openssh-client - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5724 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5724-1 [email protected] https://www.debian.org/security/...
CVE-2024-5460
CVE-2024-5460 affects Brocade Fabric OS versions before 9.0.0, where a hard-coded, default SNMP community string in the SNMP daemon config enables an authenticated, remote attacker to read data from the device. Exploitation via SNMP v1 with the static community string is implied; the vulnerabilit...
Debian dla-3834 : libnetty-java - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3834-1 [email protected] https://www.debian.org/lts/security/...
PT-2024-27696 · Trendnet · Trendnet Tew-814Dap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-814DAP version 1 FW1.01B01 Description: A stack overflow issue was discovered via the submit-url parameter at the "/formPasswordAuth" API endpoint. Recommendations: For TRENDnet TEW-814DAP version 1 FW1.01B01, avoid using the...