62615 matches found
Zarinpal Paid Download - Reflected XSS
Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires...
D-Link DIR-600M - Authentication Bypass
D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page. id: CVE-2019-13101 info: name: D-Link DIR-600M - Authentication...
Guten Free Options - Cross Site Scripting
Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...
D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure
A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. id: CVE-2024-3274 info: name: D-LINK...
WordPress Simple Link Directory <7.7.2 - SQL injection
WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action, available to unauthenticated and authenticated users. An attacker can...
TP-Link TL-WR840N - Command Injection
The TP-Link TL-WR840NESV6.20180709 router contains a command injection vulnerability in the oalsetIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise. id: CVE-2022-25061 info: name: TP-Link...
Giga Messenger WordPress - Cross-Site Scripting
Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
TP-Link Archer A20 v3 Router - Cross-site Scripting
The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...
phpBB < 3.3.17 - Authentication Bypass
phpBB before 3.3.17 contains an authentication bypass vulnerability in the login-link feature. By setting the authprovider query parameter to "apache", an unauthenticated attacker can bypass password verification and log in as any user, including administrators. The Apache auth provider trusts th...
D-Link Central WifiManager - Server-Side Request Forgery
D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...
CVE-2026-13756
creationtimestamp| type| source ---|---|--- 2026-07-11 02:37:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqdmydx5vy2w 2026-07-11 04:15:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdsi5svvr2y 2026-07-11 05:01:03+00:00| seen|...
CVE-2026-52976
creationtimestamp| type| source ---|---|--- 2026-07-11 01:27:46+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdj3uwi7n2f...
CVE-2025-30008
creationtimestamp| type| source ---|---|--- 2026-07-11 01:10:35+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdi55ozsj2i...
CVE-2026-49844
creationtimestamp| type| source ---|---|--- 2026-07-11 00:45:40+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mqdgqliloj24...
CVE-2026-59218
creationtimestamp| type| source ---|---|--- 2026-07-11 00:35:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdg6rw2ym2y...
CVE-2026-59217
creationtimestamp| type| source ---|---|--- 2026-07-11 00:34:22+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdg4fw5q22i...
CVE-2026-39246
creationtimestamp| type| source ---|---|--- 2026-07-11 00:31:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdfxmi2yn2s...
CVE-2026-57475
creationtimestamp| type| source ---|---|--- 2026-07-11 00:26:28+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdfob4kqy2z...
D-Link Central WiFi Manager CWM(100) - Remote Code Execution
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. id: CVE-2019-13372 info:...