35 matches found
CVE-2025-23848
Cross-Site Request Forgery (CSRF) vulnerability in dpowney Hotspots Analytics hotspots allows Stored XSS. This issue affects Hotspots Analytics: from n/a through <= 4.0.12...
CVE-2025-1545 WatchGuard Firebox XPath Injection Vulnerability in Web CGI
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...
EUVD-2020-18491
Malware in sbrugna...
EUVD-2020-18492
Malware in sbrugna...
EUVD-2025-3473
Malicious code in bioql PyPI...
CVE-2020-25858
The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
CVE-2020-25859
The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI ca...
CVE-2025-23848
Cross-Site Request Forgery (CSRF) vulnerability in dpowney Hotspots Analytics hotspots allows Stored XSS. This issue affects Hotspots Analytics: from n/a through <= 4.0.12...
CVE-2025-23848
CVE-2025-23848 affects Hotspots Analytics (Daniel Powney) on WordPress. The issue is a CSRF that can lead to Stored XSS, affecting Hotspots Analytics versions n/a–4.0.12. Red Hat’s advisory and Patchstack-linked references corroborate CSRF with potential stored XSS; the documents do not provide e...
WordPress Hotspots Analytics plugin <= 4.0.12 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Hotspots Analytics versions <= 4.0.12...
WordPress plugin Hotspots Analytics cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
What is XDR?
Unpacking XDR: Broadened Acknowledgment and Response. In the perpetually advancing domain of digital protection, new lingo and philosophies constantly emerge. Among the more recent additions is XDR, an acronym for Extended Detection and Response. This passage will provide a detailed insight into...
The Hidden Dangers of Public Wi-Fi
Public Wi-Fi, which has long since become the norm, poses threats to not only individual users but also businesses. With the rise of remote work, people can now work from virtually anywhere: a cafe close to home, a hotel in a different city, or even while waiting for a plane at the airport. Next,...
CVE-2020-25859
The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI ca...
Design/Logic Flaw
The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
Design/Logic Flaw
The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI ca...
CVE-2020-25859
CVE-2020-25859 concerns the QCMAP_CLI utility in Qualcomm QCMAP, where handling SetGatewayUrl() can invoke system() without input validation. This allows a local attacker with shell access to pass shell metacharacters and execute arbitrary commands. If QCMAP_CLI runs with sudo or setuid, privileg...
CVE-2020-25859
The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI ca...
CVE-2020-25858
CVE-2020-25858 affects the Qualcomm QCMAP Web UI. The issue lies in the QCMAP_Web_CLIENT binary where the Tokenizer() function does not validate the return values of strstr() or strchr(). This can let an attacker supply a crafted URL via the web interface that crashes the process, resulting in a ...