23 matches found
CVE-2023-0439
The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a setting allowing them to give lower roles access to such featur...
CVE-2021-34540
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard...
AZL-62074 CVE-2025-30703 affecting package mysql for versions less than 8.0.42-1
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
PT-2023-16270 · WordPress · Nex-Forms
Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.4.4. Description: The issue is related to Stored Cross-Site Scripting, which could be caused by the lack of proper escaping of the form name. This could potentially be exploited by users with acce...
K4232: BIND version 8.4.4 and 8.4.5 vulnerability CAN-2005-0033
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
PrivateContent < 8.4.4 - Brute Force Protection Bypass
The plugin checks whether an IP is blocked or not via client-side validation, allowing attackers to bypass such protection via crafted requests...
PT-2022-20278 · WordPress · Slider Hero
Name of the Vulnerable Software and Affected Versions: Slider Hero WordPress plugin versions prior to 8.4.4. Description: The issue allows high-privileged users to perform Cross-Site Scripting attacks due to the lack of escaping in the slider Name. Recommendations: For versions prior to 8.4.4,...
Jenkins Warnings Next Generation Security Vulnerability
Jenkins Warnings Next Generation is an open source plugin for Jenkins. The plugin collects compiler warnings and the issues reported by static analysis tools and visualizes the results. An improper privilege vulnerability exists in Jenkins Warnings Next Generation Plugin version...
Stack overflow
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code...
CVE-2020-12019
CVE-2020-12019 affects Advantech WebAccess Node (Version 8.4.4 and prior). The Red Hat/NVD/NVD-derived entries and ZDI advisories describe a stack-based buffer overflow in the DATACORE/WebAccess Node component that enables remote code execution without authentication. Exploitation is remote and u...
CVE-2020-12026
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control...
CVE-2020-12010
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control...
CVE-2020-12022
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed...
Path traversal
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control...
Stack overflow
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution...
Out-of-bounds
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data...
Path traversal
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control...
CVE-2020-10638
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution...
CVE-2020-12014
Advantech WebAccess Node (versions 8.4.4 and prior, 9.0.0) is affected by CVE-2020-12014: SQL injection due to improper input sanitization in BwWebSvc/SQL query construction. The Red Hat and NVD entries confirm the issue in WebAccess Node. Impact noted as potential credential disclosure and infor...