Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/12/14 5:3 a.m.16 views

CVE-2025-9218

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handlerestpredispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to...

3.7CVSS5.9AI score0.0023EPSS
Exploits0References1
CVE
CVE
added 2025/12/13 4:31 a.m.13 views

CVE-2025-9218

The CVE-2025-9218 entry concerns rtMedia for WordPress, BuddyPress and bbPress. Wordfence reports a missing-authorization issue in rtMedia’s handle_rest_pre_dispatch() that, when the Godam plugin is active, allows unauthenticated attackers to access media items from draft or private posts. Affect...

3.7CVSS5.5AI score0.0023EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/04 10:32 p.m.3 views

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.5AI score0.00088EPSS
Exploits0References1
OSV
OSV
added 2025/04/01 12:0 a.m.26 views

ASB-A-296915500

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.3AI score0.00088EPSS
Exploits0References2
OSV
OSV
added 2025/01/21 11:15 p.m.3 views

CVE-2023-40108

In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00082EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/15 7:15 p.m.2 views

CVE-2023-21105

In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

5.5CVSS6.3AI score0.00103EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.3 views

PT-2022-14619 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-12L Description: The issue is related to an integer overflow in the extract3GPPGlobalDescriptions function of TextDescriptions.cpp, which can cause an out of bounds read. This could lead to local...

5.5CVSS5.3AI score0.00097EPSS
Exploits0References3
Patchstack
Patchstack
added 2019/07/24 12:0 a.m.10 views

WordPress WPS Cleaner plugin <= 1.4.4 - Cross-Site Request Forgery (CSRF) + media disclosure vulnerabilities

Cross-Site Request Forgery CSRF + media disclosure vulnerabilities found by Julio Potier in WordPress WPS Cleaner plugin versions = 1.4.4. Solution Update the WordPress WPS Cleaner plugin...

4.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/23 12:0 a.m.11 views

WPS Cleaner <= 1.4.4 - Multiple Issues

CSRF, Media Dislcosure...

3.2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder