Lucene search
+L

79 matches found

nvd
nvd
added 2025/04/03 2:15 p.m.7 views

CVE-2025-31899

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpshopee Awesome Logos awesome-logos allows Reflected XSS.This issue affects Awesome Logos: from n/a through = 1.2...

7.1CVSS0.00224EPSS
Exploits0References1
cvelist
cvelist
added 2025/04/03 1:27 p.m.18 views

CVE-2025-31899 WordPress Awesome Logos plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpshopee Awesome Logos awesome-logos allows Reflected XSS.This issue affects Awesome Logos: from n/a through = 1.2...

7.1CVSS0.00224EPSS
Exploits0References1
cve
cve
added 2025/04/03 1:27 p.m.57 views

CVE-2025-31899

CVE-2025-31899 describes a Reflected XSS in the WordPress plugin Awesome Logos (affected: up to version 1.2). The issue arises from improper neutralization of input during web page generation. CVSS 3.1 base score 7.1 ( HIGH ), with Network attack vector, requiring user interaction. Affected versi...

7.1CVSS7.2AI score0.00224EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/04/03 12:0 a.m.6 views

PT-2025-14747 · WordPress · Wpshopee Awesome Logos

Name of the Vulnerable Software and Affected Versions: wpshopee Awesome Logos versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

7.1CVSS7.1AI score0.00224EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/04/03 12:0 a.m.5 views

WordPress plugin Awesome Logos 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

7.1CVSS6.9AI score0.00224EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/03/26 2:31 p.m.6 views

CVE-2025-30528

Cross-Site Request Forgery CSRF vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through = 1.2...

9.3CVSS7.3AI score0.00237EPSS
Exploits0References1
nvd
nvd
added 2025/03/24 2:15 p.m.5 views

CVE-2025-30528

Cross-Site Request Forgery CSRF vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through = 1.2...

9.3CVSS0.00237EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/03/24 1:46 p.m.3 views

CVE-2025-30528 WordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerability

Cross-Site Request Forgery CSRF vulnerability in wpshopee Awesome Logos allows SQL Injection. This issue affects Awesome Logos: from n/a through 1.2...

9.3CVSS7.9AI score0.00237EPSS
Exploits0References1
cve
cve
added 2025/03/24 1:46 p.m.49 views

CVE-2025-30528

CVE-2025-30528 affects the WordPress plugin Awesome Logos (

9.3CVSS7.3AI score0.00237EPSS
Exploits0References1
cvelist
cvelist
added 2025/03/24 1:46 p.m.16 views

CVE-2025-30528 WordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerability

Cross-Site Request Forgery CSRF vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through = 1.2...

9.3CVSS0.00237EPSS
Exploits0References1
patchstack
patchstack
added 2025/03/24 1:30 p.m.2 views

WordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerability

CSRF to SQL Injection vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Awesome Logos versions = 1.2...

9.3CVSS8AI score0.00237EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2025/03/24 12:0 a.m.3 views

WordPress plugin Awesome Logos 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

9.3CVSS8.9AI score0.00237EPSS
Exploits0References2
vulncheck_kev
vulncheck_kev
added 2024/11/29 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-40238

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address...

5.5CVSS5.8AI score0.01858EPSS
Exploits1References1
thn
thn
added 2024/07/22 1:5 p.m.19 views

Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking

--- The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the...

7.2AI score
Exploits0
vulncheck_kev
vulncheck_kev
added 2024/01/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2017-6090

Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logosclients/...

8.8CVSS7.6AI score0.96068EPSS
Exploits9References1
ptsecurity
ptsecurity
added 2023/12/04 12:0 a.m.9 views

PT-2023-8204 · Ami · Ami Aptiov

Name of the Vulnerable Software and Affected Versions: AMI AptioV affected versions not specified Description: The issue is related to the BMP Logo Handler component in the AMI AptioV BIOS setup utility, which allows for an unrestricted upload of dangerous file types, including PNG logo files. Th...

7.8CVSS7.3AI score0.00623EPSS
Exploits0References10
hackread
hackread
added 2023/06/08 1:18 p.m.16 views

“Picture in Picture” Technique Exploited in New Deceptive Phishing Attack

By Habiba Rashid The innovative approach, known as "picture in picture," capitalizes on users trust in familiar logos and promotions, making… This is a post from HackRead.com Read the original post: "Picture in Picture" Technique Exploited in New Deceptive Phishing Attack...

7AI score
Exploits0
osv
osv
added 2023/04/11 12:30 p.m.15 views

GHSA-65V8-6PVW-JWVQ Answer vulnerable to Insertion of Sensitive Information Into Sent Data

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...

6.5CVSS6.2AI score0.00586EPSS
Exploits1References4
github
github
added 2023/04/11 12:30 p.m.25 views

Answer vulnerable to Insertion of Sensitive Information Into Sent Data

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...

7.6CVSS6AI score0.00586EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2023/04/11 12:0 a.m.6 views

PT-2023-17383 · Unknown · Answerdev/Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.8 Description: The issue concerns the insertion of sensitive information into sent data. Specifically, answerdev/answer, an open-source knowledge-based community software, does not strip EXIF geolocation...

7.6CVSS7.5AI score0.00586EPSS
Exploits1References9
Rows per page
Query Builder