34 matches found
OESA-2025-1639 yasm security update
Yasm is a complete rewrite of the NASM assembler under the “new” BSD License. Security Fixes: yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasmsectionbcsappend function at section.c.CVE-2024-22653...
CVE-2025-28932
Cross-Site Request Forgery CSRF vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through = 2.4...
CVE-2025-28932
Cross-Site Request Forgery CSRF vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through = 2.4...
CVE-2025-28932 WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through = 2.4...
CVE-2025-28932 WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through = 2.4...
CVE-2025-28932
CVE-2025-28932 is a CSRF-to-Stored-XSS vulnerability affecting the WordPress Insert Code plugin, versioned 2.4 and earlier (plugin <= 2.4). The CVE entry indicates that an attacker can exploit CSRF to trigger stored XSS, with a CVSS v3.1 base score of 7.1 (HIGH) and an attack vector of NETWORK...
SUSE CVE-2024-37026
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with...
PT-2024-2671 · Yasm +2 · Yasm +2
Name of the Vulnerable Software and Affected Versions: YASM version 1.3.0.86.g9def Description: The issue is related to the yasm section bcs first function in the libyasm/section.c component, which allows a remote attacker to cause a denial of service due to uncontrolled resource consumption. Thi...
bcs-bih.com Improper Access Control vulnerability OBB-3793932
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
BCS BatchLine Book Importer < 1.5.8 - Unauthenticated Product Import
The plugin did not correctly check for permission in its wc/v3/bcsbertlinebookimport REST route, allowing unauthenticated to import arbitrary products or update existing ones POST /wp-json/wc/v3/bcsbertlinebookimport HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflat...
WordPress BCS BatchLine Book Importer plugin <= 1.5.7 - Unauthenticated Product Import/Update vulnerability
Unauthenticated Product Import/Update vulnerability discovered in WordPress BCS BatchLine Book Importer plugin versions = 1.5.7. Solution Update the WordPress BCS BatchLine Book Importer plugin to the latest available version at least 1.5.8...
bcs.com XSS vulnerability
Open Bug Bounty ID: OBB-622694 Description| Value ---|--- Affected Website:| bcs.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Battle.net Clan Script for PHP 1.5.1 - Remote SQL Injection Vulnerability
No description provided by source. script : Battle.net Clan Script 1.5 file : login.php attack : injection sql auteur : h a c k e r X code : ------------------------------------------------------------------------------------------ line 9 -- $user = $POST'user'; line 10-- $pass = $POST'pass';...
CVE-2008-5882
CVE-2008-5882 describes a SQL injection in login.asp of Citrix Application Gateway – Broadcast Server (BCS) before 6.1, used by Avaya AG250 – Broadcast Server before 2.0 and possibly other products. The vulnerability arises via the txtUID parameter and could allow remote execution of arbitrary SQ...