10 matches found
EUVD-2026-2929
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...
EUVD-2026-1749
The The Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'thetooltip' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2026-1454
Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls...
EUVD-2025-205701
DVP-12SE11T - Denial of Service Vulnerability...
EUVD-2025-37625
The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wpajaxnoprivce21singlesignonsaveapisettings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API...
CVE-2023-1112
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument uploadname leads to relative path traversal. It is possible to laun...
CVE-2024-2497 RaspAP raspap-webgui HTTP POST Request provider.php code injection
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...
CVE-2024-1262 Juanpao JPShop API MaterialController.php actionUpdate unrestricted upload
A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument picurl leads to unrestricted...
GHSA-WXJ2-777F-VXMF
creationtimestamp| type| source ---|---|--- 2024-01-03 22:36:53+00:00| seen| https://t.me/ctinow/162626...
CVE-2022-2677
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ' AND SELECT 4955 FROM SELECTSLEEP5RSzF AND 'htiy'='htiy leads to s...