4 matches found
CVE-2025-59430
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URL protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
CVE-2025-41687 Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API
An unauthenticated remote attacker may use a stack-based buffer overflow in the u-link Management API to gain full access to the affected devices...
WordPress <= 6.0.1 - Authenticated SQL Injection (SQLi) vulnerability via Link API
Authenticated SQL Injection (SQLi) vulnerability via Link API discovered by FVD in WordPress core (versions <= 6.0.1). Solution: Update WordPress to the latest available version (at least 6.0.2) or another patched version...
WP < 6.0.2 - SQLi via Link API
Description: The get_bookmarks function does not validate and escape a parameter before using it in a SQL statement, which could lead to SQL injection when user input is passed to it directly or via wp_list_bookmarks for example...