721 matches found
IP2Location Country Blocker < 2.38.9 - Unauthenticated Information Disclosure
IP2Location Country Blocker plugin for WordPress up to version 2.38.8 contains a regular information exposure caused by missing capability checks on admininit, letting unauthenticated attackers view plugin settings, exploit requires no special conditions. id: CVE-2025-1361 info: name: IP2Location...
WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting
WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...
CVE-2026-8264
A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is...
CVE-2020-25900
Affected software: HelloTalk (up to version 3.4.1). Vulnerability summary: The app stores full‑precision GPS coordinates even when a user intends to share only a country or city, and these coordinates are placed into a client‑side database that is stored on other users’ devices. The client databa...
CVE-2020-25900
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...
CVE-2020-25900
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...
CVE-2018-25416
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...
CVE-2018-25416 AiOPMSD Final 1.0.0 SQL Injection via country.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...
EUVD-2018-21938
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...
CVE-2018-25416 AiOPMSD Final 1.0.0 SQL Injection via country.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...
CVE-2018-25416
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...
CVE-2018-25416
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in country.php via the country parameter. An unauthenticated attacker can send crafted GET requests to extract sensitive data from the database (usernames, database names, version details). CVSS data indicates high impact with network ac...
PT-2026-45116
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...
AiOPMSD Final SQL注入漏洞
AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the “country” parameter, which may allow unauthenticated attackers to execute...
Friday Squid Blogging: Another Squid
Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Malicious code in @service-suppliers/set_country_list (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f579bcefb3ec1dc8c936abcfabad40d3d8c10e857abb59a18c74d22868b8eaac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview @service-suppliers/resetcountrylist is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...
MAL-2026-4851 Malicious code in @service-suppliers/set_country_list (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f579bcefb3ec1dc8c936abcfabad40d3d8c10e857abb59a18c74d22868b8eaac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview @service-suppliers/setcountrylist is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious code in @service-suppliers/reset_country_list (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f5e6ef79773321419089b562c7d3d0a2dc262c6f2e3337df06d953ac9b2a45a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...