22 matches found
Unauthorized Access to AMD Secure Processor’s Crypto-Co-Processor
CVE Details Refer to Glossary for explanation of terms CVE| CVSS Score| CVE Description ---|---|--- CVE-2023-20599| 7.9 High CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N| Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto...
Mozilla Firefox Security Advisory (MFSA2025-28) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2025-28. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
📄 YesWiki 4.5.1 Path Traversal
YesWiki version 4.5.1 suffers from an unauthenticated path traversal vulnerability. Exploit Title: YesWiki 4.5.2 - Unauthenticated Path Traversal Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-31131 Vendor Homepage: https://yeswiki.net/ Software Link:...
Chamilo LMS 1.11.24 Shell Upload
Chamilo LMS versions 1.11.24 and below remote shell upload exploit. Exploit Title: Chamilo LMS 1.11.24 - Remote Code Execution RCE Exploit Author: 0x00-null - Mohamed Kamel BOUZEKRIA Exploit Date: September 3, 2024 Vendor Homepage: https://chamilo.org/ Software Link: https://chamilo.org/ Version:...
Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
Exploit Title: Chamilo LMS 1.11.24 - Remote Code Execution RCE Exploit Author: 0x00-null - Mohamed Kamel BOUZEKRIA Exploit Date: September 3, 2024 Vendor Homepage: https://chamilo.org/ Software Link: https://chamilo.org/ Version: 1.11.24 Beersel Tested Versions: 1.11.24 Beersel - August 31, 2023...
openSUSE Security Advisory (SUSE-SU-2024:0817-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
LTL Freight Quotes – Estes Edition 3.3.7 SQL Injection
LTL Freight Quotes – Estes Edition versions 3.3.7 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-13488 LTL Freight Quotes – Estes Edition = 3.3.7 - Unauthenticated SQL Injection Description The LTL Freight Quotes – Estes Edition plugin for WordPress is...
LTL Freight Quotes – SAIA Edition 2.2.10 SQL Injection Vulnerability
CVE-2024-13483 LTL Freight Quotes – SAIA Edition = 5.6 AND error-based - WHERE, HAVING...
LTL Freight Quotes – Old Dominion Edition 4.2.10 SQL Injection
LTL Freight Quotes – Old Dominion Edition versions 4.2.10 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition = 4.2.10 - Unauthenticated SQL Injection Description The LTL Freight Quotes – Old Dominion Edition plugin...
LTL Freight Quotes – Estes Edition 3.3.7 SQL Injection Vulnerability
CVE-2024-13488 LTL Freight Quotes – Estes Edition = 5.6 AND error-based - WHERE, HAVING...
NVIDIA nvJPEG2000 cSIZ out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-2080 NVIDIA nvJPEG2000 cSIZ out-of-bounds write vulnerability February 11, 2025 CVE Number CVE-2024-0142 SUMMARY A memory corruption vulnerability exists in the Image Decoding functionality of NVIDIA nvJPEG2000 0.8.0. A specially crafted .jp2 file can lead to...
WordPress ARPrice 4.0.3 PHP Object Injection Vulnerability
CVE-2024-49699 ARPrice...
WordPress SuperBackup 2.3.3 Missing Authorization Vulnerability
CVE-2024-56067 WP SuperBackup = 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download Description The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and...
Wavlink AC3000 fw_check.sh Firmware Upload vulnerability
Talos Vulnerability Report TALOS-2024-2037 Wavlink AC3000 fwcheck.sh Firmware Upload vulnerability January 14, 2025 CVE Number CVE-2024-39273 SUMMARY A firmware update vulnerability exists in the fwcheck.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can...
PT-2024-9328
Name of the Vulnerable Software and Affected Versions Windows Lightweight Directory Access Protocol LDAP versions prior to the fixed version Description The vulnerability is related to an integer overflow in the Windows Lightweight Directory Access Protocol LDAP service, allowing remote attackers...
TIBCO Security Advisory: November 19, 2024 - TIBCO API Exchange Gateway - CVE-2024-10514
TIBCO APIX - XML External Entity XXE Injection Vulnerability Original release date: November 19, 2024 Last revised: --- CVE-2024-10514 Source: TIBCO Software Inc. Products Affected TIBCO API Exchange Gateway 2.4.0 and 2.5.0 Component Affected API Exchange Gateway Description The TIBCO API Exchang...
MTN Group: Information disclosure due to debug mode enabled at Laravel instance https://mpos.mtn.co.sz/
The Laravel framework contained a vulnerability known as CVE-2021-3129, which allowed remote code execution due to unsafe usage of PHP in the Ignition debug module. This vulnerability was relatively easy to exploit and did not require user authentication, resulting in a high CVSS score of 9.8. Th...
WordPress WP Statistics 13.1.5 SQL Injection
Exploit Title: WP Statistics Plugin = 13.1.5 currentpageid - Time based SQL injection Unauthenticated Date: 13/02/2022 Exploit Author: psychoSherlock Vendor Homepage: https://wp-statistics.com/ Software Link: https://downloads.wordpress.org/plugin/wp-statistics.13.1.5.zip Version: 13.1.5 and prio...
Intel® IPP Cryptography Advisory
Summary: A potential security vulnerability in an Intel® Integrated Performance Primitives IPP Cryptography software library may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-26083 Description:...
Authentication Flaw in PayPal mobile API Allows Access to Blocked Accounts
.jpg Payment services provider PayPal is vulnerable to an authentication restriction bypass vulnerability, which could allow an attacker to bypass a filter or restriction of the online-service to get unauthorized access to a blocked users’ PayPal account. The security vulnerability actually resid...