Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-8335

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 2:31 p.m.27 views

CVE-2026-8335

CVE-2026-8335 affects Aix-DB. A missing authentication check on the "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary SQL (e.g., arbitrary SELECTs) and retrieve database data, because token validation enforced on other endpoints is absent here. All releases up to...

7.1CVSS6AI score0.00195EPSS
Exploits0References2
CVE
CVE
added 2026/01/23 2:28 p.m.17 views

CVE-2026-24566

CVE-2026-24566 corresponds to a Missing Authorization / broken access control vulnerability in the WordPress plugin iNET Webkit (inet-webkit), affected up to version 1.2.4. The connected sources describe an authorization/configuration flaw that could allow improper access control to sensitive fun...

6.5CVSS5.4AI score0.00342EPSS
Exploits0References1
NVD
NVD
added 2025/08/28 1:16 p.m.4 views

CVE-2025-53244

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in unfoldwp Magazine Elite magazine-elite allows PHP Local File Inclusion.This issue affects Magazine Elite: from n/a through = 1.2.4...

8.1CVSS0.00404EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/23 4:25 a.m.8 views

CVE-2025-7827 Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the niwoocpraction function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-leve...

4.3CVSS0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.5 views

PT-2024-33279 · Zimaos · Zimaos

Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue concerns improper input validation in the ZimaOS API endpoint http:///v3/file?token=&files=, allowing authenticated users to read sensitive system files by manipulating the files...

7.5CVSS6.8AI score0.00702EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.5 views

PT-2024-33482 · Zimaos · Zimaos

Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue allows authenticated users to perform a directory traversal attack via the API endpoint http:///v2 1/file, enabling access to sensitive system directories such as /etc. This could expos...

7.5CVSS6.4AI score0.00954EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2024/10/11 3:35 p.m.89 views

Exploit for CVE-2024-9821

CVE-2024-9821 Bot for Telegram on WooCommerce = 1.2.4 - Au...

8.8CVSS8.9AI score0.01159EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.5 views

PT-2023-32849 · Unknown · Codelyfe Stupid Simple Cms

Name of the Vulnerable Software and Affected Versions: codelyfe Stupid Simple CMS versions up to 1.2.4 Description: A critical issue has been found in the software, affecting some unknown functionality of the file /file-manager/rename.php. The manipulation of the newName argument leads to path...

5.5CVSS5.7AI score0.00906EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2005/06/13 12:12 p.m.4 views

security flaw

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. dot dot in the original filename within a compressed file...

5CVSS6AI score0.03584EPSS
Exploits0References4
Rows per page
Query Builder