3913 matches found
EUVD-2025-199789
The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12666
The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12666 Google Drive upload and download link <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12666
CVE-2025-12666 in the WordPress plugin “Google Drive upload and download link” is a Stored Cross‑Site Scripting flaw via the 'link' parameter of the atachfilegoogle shortcode. Root cause: insufficient input sanitization and output escaping. Affected since versions up to and including 1.0. Impact:...
CVE-2025-12666 Google Drive upload and download link <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Google Drive upload and download link 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-48219
The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Google Drive upload and download link plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Google Drive upload and download link versions = 1.0...
CVE-2025-66265 Insecure permissions in configuration directory (C:\\usr)
CMService.exe creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files such as snmp.conf or hijack DLLs to escalate privileges...
MegaTec ClientMate 安全漏洞
MegaTec ClientMate is a power management software from Taiwan, China-based MegaTec. A security vulnerability exists in MegaTec ClientMate that stems from insecure permissions in the C:\usr directory, which could lead to configuration file replacement or DLL hijacking...
CVE-2025-63685
Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...
CVE-2025-34329
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodesfiles/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates t...
EUVD-2025-198336
Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...
CVE-2025-63685
Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...
PT-2025-47633
Name of the Vulnerable Software and Affected Versions Quark Cloud Drive version 3.23.2 Description The software contains a flaw due to insecure loading of system libraries. The application does not validate the path or signature of regsvr32.exe when loading it. An attacker could place a malicious...
Alibaba Quark Cloud Drive 安全漏洞
Alibaba Quark Cloud Drive is an online disk software from Chinese company Alibaba. A security vulnerability exists in Alibaba Quark Cloud Drive version v3.23.2, which originates from insecure loading of system libraries and could lead to a DLL hijacking attack...
CVE-2025-63685
Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...
CVE-2025-63685
Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...
CVE-2025-34329
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodesfiles/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates t...
scsi: mpi3mr: Bad drive in topology results kernel crash
...