CVE-2026-6670
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...
EUVD-2022-53326
Malicious code in bioql PyPI...
CVE-2022-32034
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist...
CVE-2020-13483
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI...
PT-2022-21061 · Tenda · Tenda M3
Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.12
Description: A stack overflow issue was discovered via the items parameter in the formdelMasteraclist function.
Recommendations: For Tenda M3 version 1.0.0.12, consider restricting access to the formdelMasteraclist...
CVE-2020-24144
Directory traversal in the Media File Organizer aka media-file-organizer plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items parameter in a move operation...