439 matches found
CVE-1999-0704
Buffer overflow in Berkeley automounter daemon amd logging facility provided in the Linux am-utils package and others...
WordPress AM LottiePlayer plugin <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Uploaded Lottie File vulnerability discovered by Avraham Shemesh in WordPress Plugin AM LottiePlayer versions = 3.5.3...
CVE-2025-1529
The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2025-1529 AM LottiePlayer <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File
The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2025-1529 AM LottiePlayer <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File
The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2025-1529
CVE-2025-1529 : AM LottiePlayer for WordPress is vulnerable to stored XSS via uploaded Lottie files in all versions up to and including 3.5.3. Exploitation requires authenticated access at Author level or higher. Root cause: insufficient input sanitization and output escaping. Affected software: ...
CVE-2025-0990 I Am Gloria <= 1.1.4 - Cross-Site Request Forgery
The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23gloriasettingspage function. This makes it possible for unauthenticated attackers to reset the tenan...
CVE-2025-0990
CVE-2025-0990 I Am Gloria (WordPress) : The Gloria assistant WordPress plugin is vulnerable to Cross‑Site Request Forgery in versions up to and including 1.1.4 due to missing/incorrect nonce validation on the iamgloria23_gloria_settings_page function. This enables unauthenticated attackers to res...
CVE-2025-0990 I Am Gloria <= 1.1.4 - Cross-Site Request Forgery
The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23gloriasettingspage function. This makes it possible for unauthenticated attackers to reset the tenan...
WordPress plugin I Am Gloria 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress I Am Gloria plugin <= 1.1.4 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Keyvan Hardani in WordPress Plugin I Am Gloria versions = 1.1.4...
CVE-2024-9166 OS Command Injection in Atelmo Atemio AM 520 HD Full HD Satellite Receiver
The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access...
CVE-2024-9166 OS Command Injection in Atelmo Atemio AM 520 HD Full HD Satellite Receiver
The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access...
Atelmo Atemio AM 520 HD Full HD Satellite Receiver 操作系统命令注入漏洞
The Atelmo Atemio AM 520 HD Full HD Satellite Receiver is a satellite receiver from Atelmo, Germany. An operating system command injection vulnerability exists in the Atelmo Atemio AM 520 HD Full HD Satellite Receiver, which stems from improper neutralization of the particular element used...
PT-2024-39466
Name of the Vulnerable Software and Affected Versions Atelmo Atemio AM 520 HD Full HD Satellite Receiver affected versions not specified Description The device allows an unauthorized attacker to execute system commands with elevated privileges. This is facilitated through the use of the getcomman...
Malicious code in expkg-am (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 36b7980049911172764372f2e4d93b74e1ff019b9c6f9860be544e91f7f79a28 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-42005 via django (>=4.2.0 <=4.2.14)
django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-42005 Source advisory: OSV:GHSA-PV4P-CWWG-4RPH...
aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41991 via django (>=4.2.0 <=4.2.14)
django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41991 Source advisory: OSV:GHSA-R836-HH6V-RG5G...
aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41991 via django (>=4.2.0 <=4.2.14)
django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41991 Source advisory: OSV:PYSEC-2024-69...
aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41990 via django (>=4.2.0 <=4.2.14)
django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41990 Source advisory: OSV:PYSEC-2024-68...