Lucene search

234 matches found

Patchstack
added 2025/08/27 12:46 p.m. · 4 views

WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin ThemeREX Addons versions <= 2.36.1.1...

7.3 AI score · 0.00525 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2025/07/19 12:0 a.m. · 3 views

WordPress plugin ThemeREX Addons cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site scripting...

6.4 CVSS · 5.8 AI score · 0.00205 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/05/21 11:54 p.m. · 6 views

CVE-2001-1520

Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant PDA via Rextools, and capturing the cleartext PIN...

2.1 CVSS · 6.6 AI score · 0.00332 EPSS
Exploits 0 · References 1
Github Security Blog
added 2025/03/05 7:3 p.m. · 15 views

REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

Summary Reflected cross-site scripting XSS is a type of web vulnerability that occurs when a web application fails to properly sanitize user input, allowing an attacker to inject malicious code into the application's response to a user's request. When the user's browser receives the response, the...

6.1 CVSS · 6 AI score · 0.00266 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2025/01/28 7:15 a.m. · 3 views

CVE-2024-13448

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trxaddonsuploadssavedata' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8 CVSS · 6.4 AI score
Exploits 0 · References 2
CNNVD
added 2025/01/28 12:0 a.m. · 4 views

WordPress plugin ThemeREX Addons code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue exists in...

9.8 CVSS · 9.1 AI score · 0.00881 EPSS
Exploits 0 · References 2
Packet Storm
added 2024/08/31 12:0 a.m. · 369 views

LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'rex/zip' class MetasploitModule 'LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator', 'Description' = 'Generates a Maliciou...

7.5 CVSS · 6.9 AI score · 0.78905 EPSS
Exploits 6
Packet Storm
added 2024/08/31 12:0 a.m. · 295 views

Native DNS Spoofer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Native DNS Spoofer Example', 'Description' = %q This module provides a Rex based DNS service to resolve queries intercepted via the capture mixin...

7.4 AI score
Exploits 0
0day.today
added 2023/09/11 12:0 a.m. · 307 views

LG Simple Editor Remote Code Execution Exploit

This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious...

9.8 CVSS · 7.7 AI score · 0.82964 EPSS
Exploits 3
OSV
added 2023/08/17 2:15 p.m. · 4 views

CVE-2023-34412

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code XSS...

4.8 CVSS · 5.9 AI score · 0.00345 EPSS
Exploits 0 · References 2
NVD
added 2023/08/17 2:15 p.m. · 19 views

CVE-2023-34412

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code XSS...

5.4 CVSS · 5.2 AI score · 0.00345 EPSS
Exploits 0 · References 2
Prion
added 2023/08/17 2:15 p.m. · 21 views

Code injection

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code XSS...

4.3 CVSS · 5.3 AI score · 0.00345 EPSS
Exploits 0 · References 2 · Affected Software 17
Cvelist
added 2023/08/17 1:7 p.m. · 17 views

CVE-2023-34412 Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code XSS...

4.8 CVSS · 5.6 AI score · 0.00345 EPSS
Exploits 0 · References 2
CVE
added 2023/08/17 1:7 p.m. · 44 views

CVE-2023-34412

CVE-2023-34412 affects Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200/250 devices with firmware

5.4 CVSS · 5.2 AI score · 0.00345 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/08/17 12:0 a.m. · 3 views

Helmholz REX cross-site scripting vulnerability

Helmholz REX is a series of routers from Helmholz. A cross-site scripting vulnerability exists in the Helmholz REX 200 and REX 250, which stems from the ability to store an arbitrary JavaScript load on the device's diagnostic page...

5.4 CVSS · 5.1 AI score · 0.00345 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/08/17 12:0 a.m. · 4 views

PT-2023-24863 · Helmholz +1 · Rex 250 +2

Name of the Vulnerable Software and Affected Versions: Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2 Description: A vulnerability in the affected devices allows an authenticated remote attacker to inject malicious HTML or JavaScript code...

5.4 CVSS · 5.1 AI score · 0.00345 EPSS
Exploits 0 · References 7
OSV
added 2023/02/28 5:15 a.m. · 4 views

CVE-2021-22283

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...

5.5 CVSS · 5.8 AI score · 0.00171 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/11/23 12:0 a.m. · 4 views

PT-2022-6575 · NetGear · Netgear Rax30

Name of the Vulnerable Software and Affected Versions: NETGEAR RAX30 affected versions not specified Description: The issue is related to the handling of JSON data and results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based...

8 CVSS · 7.6 AI score · 0.00856 EPSS
Exploits 0 · References 6
OSV
added 2022/11/04 11:15 p.m. · 3 views

CVE-2022-43563

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phis...

8.8 CVSS · 5.8 AI score · 0.00595 EPSS
Exploits 0 · References 1
NVD
added 2022/11/04 11:15 p.m. · 23 views

CVE-2022-43563

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phis...

8.8 CVSS · 0.00595 EPSS
Exploits 0 · References 1