7378 matches found
CVE-2024-26018
A cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; users should therefore consider stopping use of TvRock 0.9t8a...
CVE-2024-28126
A cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; users should therefore consider stopping use of 0ch BBS Script ver.4.00...
CVE-2024-28048
An OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable; users should therefore consider stopping use of ffBull ver.4.11...
CVE-2024-28048
ffBull 4.11 is affected by an OS command injection vulnerability (CVE-2024-28048). A remote unauthenticated attacker could execute arbitrary OS commands with the web server’s privileges. The issue is severe (CVSS 3.1: CRITICAL) and the developer is unreachable. Multiple sources reiterate that use...
CVE-2024-28034
A cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; users should therefore consider stopping use of Mini Thread Version 3.33βi...
CVE-2024-28034
The CVE-2024-28034 entry describes a cross-site scripting (CWE-79) vulnerability in Mini Thread Version 3.33βi. An arbitrary script could be executed in the browser of users visiting a site that uses this product. The focal product is Mini Thread 3.33βi; the root cause and exact vulnerable compon...
CVE-2024-28033
An OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable; users should therefore consider stopping use of WebProxy...
CVE-2024-26018
TvRock is affected by a cross-site scripting vulnerability (CWE-79) in version 0.9t8a. The issue allows arbitrary script execution in the browser of users visiting a site that uses TvRock, with the root cause noted as the developer being unreachable. Multiple sources (NVD, Red Hat, JVN, PtSecurit...
CVE-2024-28131
EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file in Explorer, which may lead to loading an executable file that resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...
0ch BBS Script (0ch) vulnerable to cross-site scripting
Overview: 0ch BBS Script (0ch), provided by Zerochannel, is bulletin board software (product and developer names are according to the original report submitted by the reporter). 0ch BBS Script (0ch) contains a cross-site scripting vulnerability (CWE-79). During the meeting of...
TvRock vulnerable to cross-site scripting
Overview: TvRock, provided by TvRock (according to the original report submitted by the reporter), is a tool to set a timer recording for a TV program. TvRock contains a cross-site scripting vulnerability (CWE-79). During the meeting of Committee for authorizing the disclosure of unresolved...
WebProxy vulnerable to OS command injection
Overview: WebProxy, provided by LunarNight Laboratory (according to the original report submitted by the reporter), is software to build a proxy server. WebProxy contains an OS command injection vulnerability (CWE-78). During the meeting of Committee for authorizing the disclosure of unresolved...
PT-2024-22281 · Easyrange · Easyrange
Name of the Vulnerable Software and Affected Versions: EasyRange Ver 1.41 Description: The issue with the executable file search path when displaying an extracted file on Explorer may lead to loading an executable file that resides in the same folder where the extracted file is placed. If this...
PT-2024-21278 · Tvrock · Tvrock
Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a Description: A cross-site scripting vulnerability exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was unreachable, and users...
WordPress WholesaleX Plugin <= 1.3.1 is vulnerable to Sensitive Data Exposure
Software: WholesaleX; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-30233; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: fd8f60a8b6dc; Credits: Emili Castells; Required...
WordPress MPG Plugin <= 3.4.0 is vulnerable to Broken Access Control
Software: MPG; Type: Plugin; Vulnerable versions: <= 3.4.0; Fixed in: 3.4.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-30235; Patch priority: Low; CVSS severity: Low (4.3); PSID: 6cea17ebc47f; Credits: Majed Refaea; Required privilege: Subscribe...