3869 matches found
CVE-2025-13320
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...
CVE-2025-13971 TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting
The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2025-13971 TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting
The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2025-13971
CVE-2025-13971 affects the TWW Protein Calculator WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the Header setting in all versions up to and including 1.0.24, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admini...
PT-2025-50838
The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
WordPress TWW Protein Calculator plugin <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'Header' Setting vulnerability discovered by ChamlaVic in WordPress Plugin TWW Protein Calculator versions = 1.0.24...
CVE-2024-58286
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation...
CVE-2025-64995
A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...
CVE-2025-64995
A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...
CVE-2025-64995 Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction
A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...
CVE-2025-64995
CVE-2025-64995 affects TeamViewer DEX (formerly 1E DEX). The vulnerability is a privilege-escalation in the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to version 3.4, caused by improper protection of the execution path on the local device. This issue could allow an at...
CVE-2025-64995 Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction
A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...
EUVD-2025-202669
A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...
CVE-2025-64995
A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...
SUSE CVE-2023-53830
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings When retriving a item string with tlmisetting, the result has to be freed using kfree. In currentvalueshow however, malformed item strings are not freed,...
EUVD-2023-60166
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings When retriving a item string with tlmisetting, the result has to be freed using kfree. In currentvalueshow however, malformed item strings are not freed,...
CVE-2025-48612
In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2023-53830
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings When retriving a item string with tlmisetting, the result has to be freed using kfree. In currentvalueshow however, malformed item strings are not freed,...
CVE-2023-53830
The CVE-2023-53830 issue affects the Linux kernel in the x86 Think-LMI support (platform/x86/think-lmi). When retrieving a tlmi_setting item string, the result must be freed with kfree(); however, current_value_show() can leak memory because malformed item strings aren’t freed due to an early ret...
CVE-2023-53830
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings When retriving a item string with tlmisetting, the result has to be freed using kfree. In currentvalueshow however, malformed item strings are not freed,...