151 matches found

CVE
added 2025/03/20 11:11 a.m. | 61 views

CVE-2024-13923

CVE-2024-13923 : The Order Export & Order Import for WooCommerce WordPress plugin is vulnerable to Server-Side Request Forgery via the validate_file() function in all versions up to and including 2.6.0. Exploitation requires authenticated Administrator-level access or higher and allows web reques...

CVSS 7.6 | AI score 7.2 | EPSS 0.0011
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/03/11 2:15 p.m. | 4 views

CVE-2025-2194

A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 4

Vulnrichment
added 2025/02/26 12:0 a.m. | 8 views

CVE-2024-46226

A stored cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket...

AI score 5.2 | EPSS 0.00072
Exploits: 0 | References: 1

Positive Technologies
added 2025/02/16 12:0 a.m. | 2 views

PT-2025-6881

Name of the Vulnerable Software and Affected Versions: NUUO Camera versions prior to 20250203 Description: A critical issue exists in NUUO Camera that allows for remote command injection. The issue affects the print file function within the /handle config.php file. Manipulation of the log argument...

CVSS 7.5 | AI score 7.8 | EPSS 0.09106
Exploits: 1 | References: 15

CNNVD
added 2025/01/16 12:0 a.m. | 1 views

WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo Code Issue Vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Admin and Customer Messag...

CVSS 5.4 | AI score 8.3 | EPSS 0.00723
Exploits: 0 | References: 2

Cvelist
added 2025/01/08 12:0 a.m. | 6 views

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

EPSS 0.00149
Exploits: 0 | References: 3

Positive Technologies
added 2025/01/08 12:0 a.m. | 4 views

PT-2025-3118 · Keras · Keras

Name of the Vulnerable Software and Affected Versions: Keras version 3.7.0 Description: The issue allows attackers to write arbitrary files to the user's machine by downloading a crafted tar file through the get file function. This enables attackers to potentially compromise the user's system by...

CVSS 8.8 | AI score 6.7 | EPSS 0.39051
Exploits: 0 | References: 13

CNNVD
added 2025/01/08 12:0 a.m. | 3 views

Keras Security Vulnerability

Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras version 3.7.0, which stems from a vulnerability that allows an attacker to write arbitrary files to a user's computer by downloading a carefully crafted tar file via the getfile functi...

CVSS 8.8 | AI score 7.4 | EPSS 0.39051
Exploits: 0 | References: 6

Positive Technologies
added 2024/12/09 12:0 a.m. | 3 views

PT-2024-10236 · Totolink · Totolink A810R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A810R version 4.1.2cu.5032 B20200407 Description: A command insertion vulnerability was discovered in the downloadFile.cgi main function. This issue allows an attacker to execute arbitrary commands by sending a specially crafted HTTP...

CVSS 10 | AI score 8 | EPSS 0.00067
Exploits: 1 | References: 5

Positive Technologies
added 2024/08/08 12:0 a.m. | 2 views

PT-2024-10402 · Sangoma +2 · Asterisk +3

Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 18.24.2; Asterisk versions prior to 20.9.2; Asterisk versions prior to 21.4.2; Certified-Asterisk versions prior to 18.9-cert11; Certified-Asterisk versions prior to 20.7-cert2. Description: The issue is related to...

CVSS 9 | AI score 6.7 | EPSS 0.3195
Exploits: 13 | References: 60

Positive Technologies
added 2024/07/31 12:0 a.m. | 7 views

PT-2024-38101 · WordPress · Tainacan

Name of the Vulnerable Software and Affected Versions: Tainacan plugin for WordPress versions up to, and including, 0.21.7 Description: The issue is related to a missing capability check on the get file function, which is also vulnerable to directory traversal. This allows authenticated attackers...

CVSS 6.5 | AI score 6.9 | EPSS 0.47957
Exploits: 1 | References: 9

NVD
added 2024/07/09 7:15 a.m. | 11 views

CVE-2024-28749

A remote attacker with high privileges may use a writing file function to inject OS commands...

CVSS 7.2 | EPSS 0.00835
Exploits: 0 | References: 1

NVD
added 2024/07/09 7:15 a.m. | 12 views

CVE-2024-28748

A remote attacker with high privileges may use a reading file function to inject OS commands...

CVSS 7.2 | EPSS 0.00835
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/09 7:10 a.m. | 10 views

CVE-2024-28750 ifm: Deleting function in Smart PLC allows command injections

A remote attacker with high privileges may use a deleting file function to inject OS commands...

CVSS 7.2 | AI score 7.1 | EPSS 0.00835
Exploits: 0 | References: 1

Cvelist
added 2024/07/09 7:10 a.m. | 13 views

CVE-2024-28750 ifm: Deleting function in Smart PLC allows command injections

A remote attacker with high privileges may use a deleting file function to inject OS commands...

CVSS 7.2 | EPSS 0.00835
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/09 7:10 a.m. | 8 views

CVE-2024-28749 ifm: Writing file function in Smart PLC allows command injections

A remote attacker with high privileges may use a writing file function to inject OS commands...

CVSS 7.2 | AI score 6.9 | EPSS 0.00835
Exploits: 0 | References: 1

CVE
added 2024/07/09 7:10 a.m. | 46 views

CVE-2024-28749

CVE-2024-28749 affects ifm electronic Smart PLC AC14xx/AC4xxS via the Write to File function, enabling OS command injections by a remote attacker with elevated privileges. The issue is described as an OS command injection originating from a remote attacker with high privileges; CVSSv3.1 base scor...

CVSS 7.2 | AI score 6.9 | EPSS 0.00835
Exploits: 0 | References: 1

Cvelist
added 2024/07/09 7:10 a.m. | 13 views

CVE-2024-28748 ifm: Reading function in Smart PLC allows command injections

A remote attacker with high privileges may use a reading file function to inject OS commands...

CVSS 7.2 | EPSS 0.00835
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/09 7:10 a.m. | 11 views

CVE-2024-28748 ifm: Reading function in Smart PLC allows command injections

A remote attacker with high privileges may use a reading file function to inject OS commands...

CVSS 7.2 | AI score 7.1 | EPSS 0.00835
Exploits: 0 | References: 1

CNNVD
added 2024/07/09 12:0 a.m. | 2 views

ifm electronic Smart PLC AC14xx and Smart PLC AC4xxS Operating System Command Injection Vulnerability

The ifm electronic Smart PLC AC14xx and ifm electronic Smart PLC AC4xxS are a series of hosts/gateways from ifm electronic Germany. An operating system command injection vulnerability exists in the ifm electronic Smart PLC AC14xx and Smart PLC AC4xxS versions 4.3.17 and earlier, which originates...

CVSS 7.2 | AI score 7.4 | EPSS 0.00835
Exploits: 0 | References: 2