Lucene search
K

4 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/12/24 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

9.8CVSS7.5AI score0.4214EPSS
Exploits3References1
OSV
OSV
added 2021/05/14 12:15 p.m.4 views

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

9.8CVSS5.9AI score
Exploits0References3
CNVD
CNVD
added 2021/01/16 12:0 a.m.1 views

Totolink A702r Access Control Error Vulnerability

The Totolink A702r is a router device from the Chinese company Totolink. The Totolink A702r V1.0.0-B20161227.1023 suffers from an access control error vulnerability that allows an attacker to access the icon directory via the GET parameter. No detailed vulnerability details are provided at this...

5.5CVSS6.9AI score0.00451EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/01/14 12:0 a.m.4 views

TotoLink A702r 访问控制错误漏洞

The Totolink A702r is a router device from the Chinese company Totolink. The Totolink A702r V1.0.0-B20161227.1023 suffers from an access control error vulnerability that allows an attacker to access the icon directory via the GET parameter. No detailed vulnerability details are provided at this...

5.5CVSS6.1AI score0.00451EPSS
Exploits1References2
Rows per page
Query Builder