CVE-2026-6279 Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

Embedded Malicious Code

Overview @velora-dex/sdk is a SDK for the Velora API Affected versions of this package are vulnerable to Embedded Malicious Code that delivers a malicious payload through dist/index.js. An attacker uploaded a compromised version of the package directly to the npm registry. The payload runs a...

CVE-2022-0150

The WP Accessibility Helper WAH WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue...

CVE-2024-32662 FreeRDP rdp_redirection_read_base64_wchar out of bound read

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when WCHAR string is read with twice the size it has and converted to UTF-8, base64 decoded. The string is only used to compare against t...

CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication. Recent assessments: cbeek-r7 at February 09, 2024 3:26pm UT...

CVE-2022-26964

Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded...

CVE-2021-38346

The Brizy Page Builder plugin = 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizycreateblockscreenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...

Directory traversal

The Brizy Page Builder plugin = 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizycreateblockscreenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...

h1-ctf: [ Hacky Holidays CTF ] Completely taken down the Grinch Networks

Day 1 - Robot flag We're presented with sample ui page without any function. So I guessed content discovery is the best way to find flag. And robots.txt came to my mind and found the flag. https://hackyholidays.h1ctf.com/robots.txt Response User-agent: Disallow: /s3cr3t-ar3a Flag:...

PT-2019-14905 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns an unsanitized filename variable in the recording play.php file, which is base64 decoded and reflected in HTML. This leads to a potential XSS issue. Recommendations: For...

CVE-2018-18702

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=importrule because the upfile content is base64 decoded, deserialized, and used for database insertion...

Sql injection

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=importrule because the upfile content is base64 decoded, deserialized, and used for database insertion...

CVE-2018-18702

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=importrule because the upfile content is base64 decoded, deserialized, and used for database insertion...

AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities

AirOS NanoStation M2 v5.6-beta Arbitrary File Download & Remote Command Execution Tested on: XM.v5.6-beta5.24359.141008.1753 - Build: 2435 Linux Awesome 2.6.32.63 1 Wed Oct 8 17:54:30 EEST 2014 mips unknown Date: May 30, 2016 Informer: Pablo Rebolini - Valid credentials are required !. Most of...