
31246 matches found

Positive Technologies
added 2025/01/15 12:0 a.m. · 5 views

PT-2025-19367 · Git +1 · Assimp

Name of the Vulnerable Software and Affected Versions: Assimp (affected versions not specified)
Description: The software is susceptible to a heap-buffer-overflow READ issue. This occurs during the WriteObjects function within the Assimp::FBXExporter class, which is called by ExportBinary and...

6.8 AI score
Exploits 0 · References 2

Tenable Nessus
added 2025/01/15 12:0 a.m. · 5 views

NorthGrid Proself Installed (Linux)

Binary data northgridproselflinuxinstalled.nbin...

7.3 AI score
Exploits 0 · References 1

OSV
added 2025/01/14 7:19 p.m. · 8 views

BIT-PHP-MIN-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, the HTTP_REDIRECT_STATUS variable is used to check whether or not the CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

7.5 CVSS · 7.8 AI score · 0.01077 EPSS
Exploits 1 · References 4

Snyk
added 2025/01/14 4:32 p.m. · 5 views

Improper Handling of Syntactically Invalid Structure

Overview: Affected versions of this package are vulnerable to Improper Handling of Syntactically Invalid Structure due to the parsing process. An attacker can cause the application to crash by sending specially crafted BER/DER data.
Remediation: Upgrade swift-asn1 to version 1.3.1 or higher...

8.7 CVSS · 6.9 AI score · 0.00319 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/01/14 12:0 a.m. · 4 views

Microsoft Azure On-Premises Data Gateway Installed (Windows)

Binary data microsoftazureon-premisesdatagatewaywininstalled.nbin...

7.3 AI score
Exploits 0 · References 1

CNNVD
added 2025/01/14 12:0 a.m. · 3 views

SwiftASN1 security vulnerability

SwiftASN1 is an open source ASN.1 implementation of Swift by Apple. A security vulnerability exists in SwiftASN1 versions prior to 1.3.0 that stems from incorrect assumptions about the form of an object when parsing certain BER/DER constructs, which triggers a precondition failure when these...

7.5 CVSS · 6.4 AI score · 0.00319 EPSS
Exploits 0 · References 2

Cvelist
added 2025/01/09 7:56 a.m. · 12 views

CVE-2024-43662 Authenticated arbitrary file upload to /tmp/ and /tmp/upload/

The .exe or .exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderat...

5.3 CVSS · 0.00587 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/01/08 12:0 a.m. · 3 views

Ivanti Desktop & Server Management (DSM) Installed (Windows)

Binary data ivantidesktopservermanagementwininstalled.nbin...

7.3 AI score
Exploits 0 · References 1

NVD
added 2025/01/07 6:15 a.m. · 10 views

CVE-2024-12383

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw_display_pv_set_page' function and insufficient input sanitization and output escaping of the...

6.1 CVSS · 0.00189 EPSS
Exploits 0 · References 5

NVD
added 2025/01/07 6:15 a.m. · 6 views

CVE-2024-12384

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1 CVSS · 0.00327 EPSS
Exploits 0 · References 5

CVE
added 2025/01/07 5:24 a.m. · 47 views

CVE-2024-12384

CVE-2024-12384 affects Binary MLM Woocommerce (WordPress) with Reflected XSS via the 'page' parameter in all versions up to 2.0. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers can inject scripts into pages executed after a user clicks a crafted ...

6.1 CVSS · 6 AI score · 0.00327 EPSS
Exploits 0 · References 5

Cvelist
added 2025/01/07 5:24 a.m. · 14 views

CVE-2024-12384 Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page'

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1 CVSS · 0.00327 EPSS
Exploits 0 · References 5

Vulnrichment
added 2025/01/07 5:24 a.m. · 1 views

CVE-2024-12384 Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page'

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1 CVSS · 7.4 AI score · 0.00327 EPSS
Exploits 0 · References 5

Cvelist
added 2025/01/07 5:23 a.m. · 16 views

CVE-2024-12383 Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw_display_pv_set_page' function and insufficient input sanitization and output escaping of the...

6.1 CVSS · 0.00189 EPSS
Exploits 0 · References 5

CVE
added 2025/01/07 5:23 a.m. · 45 views

CVE-2024-12383

CVE-2024-12383 refers to the Binary MLM Woocommerce WordPress plugin vulnerability. The Wordfence entry confirms a Cross‑Site Request Forgery to Stored Cross‑Site Scripting (CSRF to XSS) flaw in all versions up to 2.0, caused by missing or incorrect nonce validation in the bmw_display_pv_set_page...

6.1 CVSS · 6 AI score · 0.00189 EPSS
Exploits 0 · References 5

Vulnrichment
added 2025/01/07 5:23 a.m. · 3 views

CVE-2024-12383 Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw_display_pv_set_page' function and insufficient input sanitization and output escaping of the...

6.1 CVSS · 7.3 AI score · 0.00189 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/01/07 12:0 a.m. · 3 views

PT-2025-1827 · WordPress · Binary Mlm Woocommerce Plugin

Name of the Vulnerable Software and Affected Versions: Binary MLM Woocommerce plugin for WordPress versions prior to 2.0
Description: The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages through the...

6.1 CVSS · 6.9 AI score · 0.00327 EPSS
Exploits 0 · References 6

CNNVD
added 2025/01/07 12:0 a.m. · 4 views

WordPress plugin Binary MLM Woocommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.1 CVSS · 7.8 AI score · 0.00327 EPSS
Exploits 0 · References 4

Patchstack
added 2025/01/06 6:50 p.m. · 4 views

WordPress Binary MLM Woocommerce plugin <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Binary MLM Woocommerce versions <= 2.0...

6.1 CVSS · 5.9 AI score · 0.00189 EPSS
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2025/01/06 12:0 a.m. · 2 views

Nessus Agent 2025 Refresh

Binary data nessusagentrefresh2501.nbin...

7.3 AI score
Exploits 0