10 matches found
CVE-2026-8335
A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...
CVE-2026-8335
CVE-2026-8335 affects Aix-DB. A missing authentication check on the "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary SQL (e.g., arbitrary SELECTs) and retrieve database data, because token validation enforced on other endpoints is absent here. All releases up to...
CVE-2026-24566
CVE-2026-24566 corresponds to a Missing Authorization / broken access control vulnerability in the WordPress plugin iNET Webkit (inet-webkit), affected up to version 1.2.4. The connected sources describe an authorization/configuration flaw that could allow improper access control to sensitive fun...
CVE-2025-53244
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in unfoldwp Magazine Elite magazine-elite allows PHP Local File Inclusion.This issue affects Magazine Elite: from n/a through = 1.2.4...
CVE-2025-7827 Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the niwoocpraction function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-leve...
PT-2024-33279 · Zimaos · Zimaos
Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue concerns improper input validation in the ZimaOS API endpoint http:///v3/file?token=&files=, allowing authenticated users to read sensitive system files by manipulating the files...
PT-2024-33482 · Zimaos · Zimaos
Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue allows authenticated users to perform a directory traversal attack via the API endpoint http:///v2 1/file, enabling access to sensitive system directories such as /etc. This could expos...
Exploit for CVE-2024-9821
CVE-2024-9821 Bot for Telegram on WooCommerce = 1.2.4 - Au...
PT-2023-32849 · Unknown · Codelyfe Stupid Simple Cms
Name of the Vulnerable Software and Affected Versions: codelyfe Stupid Simple CMS versions up to 1.2.4 Description: A critical issue has been found in the software, affecting some unknown functionality of the file /file-manager/rename.php. The manipulation of the newName argument leads to path...
security flaw
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. dot dot in the original filename within a compressed file...