200 matches found
CVE-2024-52348
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA Extensions AA Audio Player aa-audio-player allows DOM-Based XSS.This issue affects AA Audio Player: from n/a through = 1.0...
CVE-2025-24583
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through = 3.16.5...
CVE-2025-24583
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through = 3.16.5...
CVE-2024-33544
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10...
CVE-2024-33546
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10...
CVE-2024-33547
Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10...
CVE-2024-33549
Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10...
Malicious code in aa-bundler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd321f0852dcc9dfd3186bbde3c8ba367be98c8f8f47d93954672d5f7c702bf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-52348
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA Extensions AA Audio Player aa-audio-player allows DOM-Based XSS.This issue affects AA Audio Player: from n/a through = 1.0...
CVE-2024-52348
CVE-2024-52348 is an XSS vulnerability in the WordPress plugin AA Audio Player (“aaextention”), described as DOM-based XSS caused by improper input neutralization during web page generation. Affected versions are listed as n/a through 1.0. Public sources in the Connected documents reiterate the s...
WordPress plugin AA Audio Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-35189 · Unknown · Aa Audio Player
Name of the Vulnerable Software and Affected Versions: AA Audio Player versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. Specifically, it is a DOM-Based XSS vulnerability. This means...
Malicious code in viem-aa-sdk-compatible (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bec68a21bfe31654a412ae6b261f9af4acb88ddd4bf645499f7e6ea15cc3c255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10234 Malicious code in viem-aa-sdk-compatible (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bec68a21bfe31654a412ae6b261f9af4acb88ddd4bf645499f7e6ea15cc3c255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +3120 more potentially affected by CVE-2024-47874 via starlette (>=0.10.1 <=0.39.2)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =1.0.0, =1.1.2 and more Source cves: CVE-2024-47874 Source advisory: SNYK:PYTHON-STARLETTE-8186175...
BrandoCulqi (=1.0.1), IMAPServer (=0.1.0) +2299 more potentially affected by unknown CVE via lexical-core (>=0.1.3 <=0.8.5)
lexical-core CARGO version =0.1.3, =1.0.0, =1.0.1, =0.10.0-dev0, =0.2.0, =0.1.0, =0.2.0, =0.1.1, =0.5.1, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2326-PFPJ-VX3H...
CVE-2024-39220
CVE-2024-39220 affects BAS-IP AV-, AA-, BA-, and CR-02BD products (before firmware v3.9.2). An authenticated attacker can read SIP account passwords via a crafted GET request, exposing SIP credentials (confidentiality impact high). The vulnerability is exploitable over network with low complexity...
Various BAS-IP products Security breaches
BAS-IP AV Series and others are products of BAS-IP Corporation.BAS-IP AV Series is a series of smart personal entrance panels.BAS-IP AA Series is a series of smart apartment entrance panels.BAS-IP BA Series is a series of visual intercom outdoor entrance panels. A security vulnerability exists in...
CVE-2024-37654
CVE-2024-37654 affects BAS-IP AV-01D/AV-01MD/AV-01MFD/AV-01ED/AV-01KD/AV-01BD/AV-01KBD/AV-02D/AV-02IDE/AV-02IDR/AV-02IPD/AV-02FDE/AV-02FDR/AV-03D/AV-03BD/AV-04AFD/AV-04ASD/AV-04FD/AV-04SD/AV-05FD/AV-05SD/AA-07BD/AA-07BDI/BA-04BD/BA-04MD/BA-08BD/BA-08MD/BA-12BD/BA-12MD/CR-02BD before version 3.9.2...
CVE-2024-33547
Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10...