18 matches found
CVE-2024-57494
Cross Site Scripting vulnerability in Neto E-Commerce CMS v.6.313.0 through v.6.3115 allows a remote attacker to escalate privileges via the kw parameter...
CVE-2025-28357
A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request...
CVE-2025-28357
A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request...
CVE-2024-57494
Cross Site Scripting vulnerability in Neto E-Commerce CMS v.6.313.0 through v.6.3115 allows a remote attacker to escalate privileges via the kw parameter...
CVE-2024-57494
Cross Site Scripting vulnerability in Neto E-Commerce CMS v.6.313.0 through v.6.3115 allows a remote attacker to escalate privileges via the kw parameter...
Neto CMS security vulnerability
Neto CMS is an e-commerce platform from Neto Australia. A security vulnerability exists in Neto CMS versions v6.313.0 through v6.314.0 that originates from a specially crafted HTTP request resulting in a CRLF injection that may execute arbitrary code...
CVE-2024-57494
Cross Site Scripting vulnerability in Neto E-Commerce CMS v.6.313.0 through v.6.3115 allows a remote attacker to escalate privileges via the kw parameter...
PT-2025-40283
Name of the Vulnerable Software and Affected Versions: Neto CMS versions 6.313.0 through 6.314.0. Description: A CRLF injection flaw exists in Neto CMS. This issue allows attackers to potentially execute arbitrary code by submitting a specially crafted HTTP request. The vulnerability is due to...
CVE-2025-28357
A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request...
CVE-2024-57494
Summary (CVE-2024-57494): Neto E-Commerce CMS versions 6.313.0 through 6.3115 contain a cross-site scripting (XSS) vulnerability in the kw parameter that can be exploited by a remote attacker to escalate privileges. The issue is confirmed across multiple feeds (Red Hat, NVD, CVE List, CNNVD) wit...
PT-2025-40282
Name of the Vulnerable Software and Affected Versions: Neto E-Commerce CMS versions 6.313.0 through 6.3115. Description: A Cross Site Scripting issue exists in Neto E-Commerce CMS. This allows a remote attacker to potentially escalate privileges. The issue is related to the kw parameter...
CVE-2025-28357
A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request...
CVE-2025-28357
Summary: CVE-2025-28357 is a CRLF injection vulnerability in Neto CMS versions 6.313.0–6.314.0 that enables arbitrary code execution via a crafted HTTP request. The root cause is insufficient input validation around carriage return/line feed characters in requests. Impact: high (remote attacker w...
Neto E-Commerce CMS security vulnerability
Neto E-Commerce CMS is an e-commerce content management system from Neto Australia. A security vulnerability exists in Neto E-Commerce CMS versions 6.313.0 through 6.3115, which stems from the presence of cross-site scripting in the kw parameter, which could lead to elevation of privilege...
WordPress Download Manager plugin < 3.3.00 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Miguel Xavier Penha Neto in WordPress Plugin Download Manager versions < 3.3.00...
WordPress Mailchimp for WooCommerce plugin <= 2.7.1 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery (SSRF) vulnerability discovered by Miguel Xavier Penha Neto in WordPress Mailchimp for WooCommerce plugin versions <= 2.7.1. Solution: Update the WordPress MailChimp For WooCommerce plugin to the latest available version (at least 2.7.2)...
CVE-2021-26578
HPE Network Orchestrator (NetO) prior to version 2.5 is affected by a SQL injection vulnerability in the connections resource, triggered via user input that is not properly filtered. ZDI details a remote, unauthenticated attacker leveraging a crafted uaf-token header to execute SQL and disclose s...
Facebook "Trusted friends" Security Feature Easily Exploitable
Last week Facebook announced that in one day 600,000 accounts possibly get hacked. Another possible solution for Facebook to combat security issues is to find 3 to 5 "Trusted friends". Facebook will be adding two new security features...