185 matches found
EUVD-2026-34141
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kernel memory layout and aiding further exploitation...
CVE-2018-25425
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...
CVE-2018-25425
Technical details about CVE-2018-25425 are not publicly available in the provided documents. Monitor for updates.
CVE-2018-25425 Yot CMS 3.3.1 SQL Injection via aid and cid Parameters
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...
CVE-2018-25425 Yot CMS 3.3.1 SQL Injection via aid and cid Parameters
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...
EUVD-2018-21947
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...
CVE-2018-25425
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...
Yot CMS SQL注入漏洞
Yot CMS is a content management system developed by Yot Corporation. Version 3.3.1 of Yot CMS has a SQL injection vulnerability. This vulnerability stems from the use of parameters named aid and cid, which can allow unauthorized attackers to execute arbitrary SQL queries by injecting malicious...
PT-2026-45125
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...
Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims...
Anviz CX7和Anviz CX2 Lite 安全漏洞
Both Anviz CX7 and Anviz CX2 Lite are products of the American company Anviz. The Anviz CX7 is a smart terminal device integrated with biometric identification and access control functions. The Anviz CX2 Lite is also a smart terminal device that integrates face recognition and access control...
CVE-2025-67617
Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through = 1.4.3...
CVE-2025-67617
Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through = 1.4.3...
CVE-2025-67617 WordPress Consult Aid theme <= 1.4.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through = 1.4.3...
CVE-2025-67617
CVE-2025-67617 is a deserialization of untrusted data vulnerability in the themeton Consult Aid WordPress theme (affected versions up to 1.4.3). The underlying issue is PHP Object Injection via untrusted data deserialization, exposed for the Consult Aid: Business Consulting and Finance PSD produc...
CVE-2025-67617 WordPress Consult Aid theme <= 1.4.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through = 1.4.3...
PT-2026-4016
Name of the Vulnerable Software and Affected Versions themeton Consult Aid versions through 1.4.3 Description A flaw exists in themeton Consult Aid that allows for object injection due to deserialization of untrusted data. This condition can be exploited by attackers to potentially compromise the...
WordPress Plugin Consult Aid: Code Issues and Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
WordPress Consult Aid theme <= 1.4.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Consult Aid versions = 1.4.3...
CVE-2023-50563
Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMSFunction.php...