79 matches found
CVE-2025-31899
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpshopee Awesome Logos awesome-logos allows Reflected XSS.This issue affects Awesome Logos: from n/a through = 1.2...
CVE-2025-31899 WordPress Awesome Logos plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpshopee Awesome Logos awesome-logos allows Reflected XSS.This issue affects Awesome Logos: from n/a through = 1.2...
CVE-2025-31899
CVE-2025-31899 describes a Reflected XSS in the WordPress plugin Awesome Logos (affected: up to version 1.2). The issue arises from improper neutralization of input during web page generation. CVSS 3.1 base score 7.1 ( HIGH ), with Network attack vector, requiring user interaction. Affected versi...
PT-2025-14747 · WordPress · Wpshopee Awesome Logos
Name of the Vulnerable Software and Affected Versions: wpshopee Awesome Logos versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...
WordPress plugin Awesome Logos 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
CVE-2025-30528
Cross-Site Request Forgery CSRF vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through = 1.2...
CVE-2025-30528
Cross-Site Request Forgery CSRF vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through = 1.2...
CVE-2025-30528 WordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerability
Cross-Site Request Forgery CSRF vulnerability in wpshopee Awesome Logos allows SQL Injection. This issue affects Awesome Logos: from n/a through 1.2...
CVE-2025-30528
CVE-2025-30528 affects the WordPress plugin Awesome Logos (
CVE-2025-30528 WordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerability
Cross-Site Request Forgery CSRF vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through = 1.2...
WordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerability
CSRF to SQL Injection vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Awesome Logos versions = 1.2...
WordPress plugin Awesome Logos 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...
VulnCheck KEV: CVE-2023-40238
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address...
Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking
--- The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the...
VulnCheck KEV: CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logosclients/...
PT-2023-8204 · Ami · Ami Aptiov
Name of the Vulnerable Software and Affected Versions: AMI AptioV affected versions not specified Description: The issue is related to the BMP Logo Handler component in the AMI AptioV BIOS setup utility, which allows for an unrestricted upload of dangerous file types, including PNG logo files. Th...
“Picture in Picture” Technique Exploited in New Deceptive Phishing Attack
By Habiba Rashid The innovative approach, known as "picture in picture," capitalizes on users trust in familiar logos and promotions, making… This is a post from HackRead.com Read the original post: "Picture in Picture" Technique Exploited in New Deceptive Phishing Attack...
GHSA-65V8-6PVW-JWVQ Answer vulnerable to Insertion of Sensitive Information Into Sent Data
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...
PT-2023-17383 · Unknown · Answerdev/Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.8 Description: The issue concerns the insertion of sensitive information into sent data. Specifically, answerdev/answer, an open-source knowledge-based community software, does not strip EXIF geolocation...