419 matches found
WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Button Block versions = 1.2.0...
WordPress AI Tools <= 4.0.7 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by theviper17 in WordPress Plugin AI Tools versions = 4.0.7...
WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Min Max Step Quantity Limits Manager for WooCommerce versions = 5.1.0...
WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability
CSRF to Arbitrary File Deletion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin POEditor versions = 0.9.10...
CVE-2024-44415
A vulnerability was discovered in DI8200-16.07.26A1, There is a buffer overflow in the dbsrvasp function; The strcpy function is executed without checking the length of the string, leading to a buffer overflow...
CVE-2022-46476
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgimain function...
CVE-2020-8090
The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS after a successful Administrator login...
CVE-2018-4025
An exploitable denial-of-service vulnerability exists in the XMLGetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot...
CVE-2018-4018
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or...
CVE-2018-4017
An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability...
CVE-2018-4026
An exploitable denial-of-service vulnerability exists in the XMLGetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot...
The vulnerability of the SetVirtualServerSettings module in D-Link DIR-853 A1 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the SetVirtualServerSettings module in D-Link DIR-853 A1 router microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
WordPress External image replace plugin <= 1.0.8 - Authenticated (Contributor+) Arbitrary File Upload vulnerability
Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin External image replace versions = 1.0.8...
WordPress Web3Press – Decentralize Publishing with Writing NFT plugin <= 3.2.0 - Arbitrary File Read vulnerability
Arbitrary File Read vulnerability discovered by ch4r0n in WordPress Plugin Web3Press versions = 3.2.0...
WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability
CSRF to Arbitrary File Deletion vulnerability discovered by chuck in WordPress Plugin WP Tools versions = 5.18...
WordPress Administrator Z plugin <= 2025.03.28 - Directory Traversal Vulnerability
Directory Traversal Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Administrator Z versions = 2025.03.28...
The vulnerability of the SetDynamicDNSSettings module in D-Link DIR-853 A1 router microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the SetDynamicDNSSettings module in D-Link DIR-853 A1 router microprogramming software is related to buffer overflow when processing the Password parameter. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
WordPress StaffList plugin <= 3.2.7 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Anhchangmutrang in WordPress Plugin StaffList versions = 3.2.7...
CVE-2025-2191
A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16v2110403CLA32160817. Affected by this issue is some unknown functionality of the file /form2pingv6.cgi of the component Ping6 Diagnóstico. The manipulation of the argument ip6addr with the input...
CVE-2025-2191 Claro A7600-A1 Ping6 Diagnóstico form2pingv6.cgi cross site scripting
A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16v2110403CLA32160817. Affected by this issue is some unknown functionality of the file /form2pingv6.cgi of the component Ping6 Diagnóstico. The manipulation of the argument ip6addr with the input...