Lucene search
K

99 matches found

cnnvd
cnnvd
added 2025/06/14 12:0 a.m.3 views

WordPress plugin StreamWeasels Kick Integration 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS5.7AI score0.00231EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 8:19 a.m.4 views

CVE-2024-10184

The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5AI score0.00366EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:0 p.m.10 views

CVE-2022-46586

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%dvap%d.maclist parameter in the kickbanwifimacallow sub415B00 function...

9.8CVSS7.8AI score0.00966EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/03/26 12:0 a.m.5 views

WordPress plugin Ayyash Studio The kick-start kit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Ayyash Studio The kick-start kit 1.0.3 an...

6.4CVSS7.6AI score0.00273EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2024/12/04 12:0 a.m.6 views

The vulnerability of the iocg_kick_delay() function in the block/blk-iocost.c module of the blk-iocost component of the Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the iocgkickdelay function in the block/blk-iocost.c module of the blk-iocost component of the Linux operating system is related to integer overflow. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of...

7.8CVSS6.5AI score0.00733EPSS
Exploits0References30Affected Software5
cvelist
cvelist
added 2024/10/29 11:1 a.m.15 views

CVE-2024-10184 SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode

The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS0.00366EPSS
Exploits0References3
cve
cve
added 2024/10/29 11:1 a.m.43 views

CVE-2024-10184

CVE-2024-10184 affects StreamWeasels Kick Integration plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the sw-kick-embed shortcode, occurring in all versions up to 1.1.1 due to insufficient input sanitization and output escaping on user-supplied attributes. Explo...

6.4CVSS5.7AI score0.00366EPSS
Exploits0References3
patchstack
patchstack
added 2024/10/29 5:12 a.m.3 views

WordPress SW Kick Integration plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sw-kick-embed Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SW Kick Integration versions = 1.1.1...

6.4CVSS5.8AI score0.00366EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/10/29 12:0 a.m.4 views

WordPress plugin StreamWeasels Kick Integration 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS5.8AI score0.00366EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/10/29 12:0 a.m.8 views

PT-2024-16099 · WordPress · Streamweasels Kick Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels Kick Integration plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode due to insufficient input sanitization and outp...

6.4CVSS6.2AI score0.00366EPSS
Exploits0References10
patchstack
patchstack
added 2024/10/29 12:0 a.m.8 views

WordPress SW Kick Integration Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software SW Kick Integration Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10184 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f0ac845fe096 Credits Peter Thaleikis...

6.4CVSS5.7AI score0.00366EPSS
Exploits0References3Affected Software1
nessus
nessus
added 2024/07/29 12:0 a.m.10 views

FreeBSD : znc -- remote code execution vulnerability (8057d198-4d26-11ef-8e64-641c67a117d8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8057d198-4d26-11ef-8e64-641c67a117d8 advisory. Mitre reports: In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. Tenable has...

9.8CVSS6.4AI score0.03862EPSS
Exploits0References4
susecve
susecve
added 2024/07/05 3:23 a.m.3 views

SUSE CVE-2024-39844

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK...

9.8CVSS8.2AI score0.03862EPSS
Exploits0References4
osv
osv
added 2024/07/03 5:15 p.m.2 views

DEBIAN-CVE-2024-39844

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK...

9.8CVSS6.3AI score0.03862EPSS
Exploits0References1
nvd
nvd
added 2024/07/03 5:15 p.m.20 views

CVE-2024-39844

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK...

9.8CVSS0.03862EPSS
Exploits0References5
osv
osv
added 2024/07/03 5:15 p.m.9 views

UBUNTU-CVE-2024-39844

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK...

9.8CVSS6.4AI score0.03862EPSS
Exploits0References8
cvelist
cvelist
added 2024/07/03 12:0 a.m.221 views

CVE-2024-39844

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK...

0.03862EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2024/07/03 12:0 a.m.13 views

CVE-2024-39844

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK...

7.7AI score0.03862EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/07/03 12:0 a.m.12 views

ZNC Security Vulnerabilities

ZNC is ZNC's open source set of IRC proxies that allow users to log in to IRC servers from their workstations. A security vulnerability exists in ZNC versions prior to 1.9.1, which stems from a remote code execution that can be performed in modtcl via KICK...

9.8CVSS7.9AI score0.03862EPSS
Exploits0References7
cve
cve
added 2024/07/03 12:0 a.m.70 views

CVE-2024-39844

CVE-2024-39844 affects ZNC prior to 1.9.1. The vulnerability is a remote code execution flaw in the modtcl module that can be triggered by a KICK event, enabling an attacker to execute code remotely over the network. Connected advisories and Nessus/NASL records consistently describe this issue an...

9.8CVSS7.5AI score0.03862EPSS
Exploits0References5
Rows per page
Query Builder