CVE-2023-0127

A command injection vulnerability in the firmwareupdate command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root...

CVE-2024-10177

CVE-2024-10177 affects Beds24 Online Booking plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the beds24-link shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authentication at contributor...

CVE-2024-7888 Classified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing Authorization

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like exportforms, importforms, updatefboptions, and many more in all versions up to, and including, 3.1.7. This make...

CVE-2024-7717

The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2024-40519

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminsmtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain...

CVE-2020-23185

A stored cross site scripting XSS vulnerability in /administration/settingsecurity.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...