7893 matches found
CVE-2024-6393
CVE-2024-6393 affects the WordPress plugin NextGEN Gallery (Photo Gallery, Sliders, Proofing and Themes). The issue is a lack of sanitization/escaping in the plugin’s Images settings, enabling stored XSS by high-privilege users (e.g., Administrators) even if unfiltered_html is disallowed. Affecte...
CVE-2024-10710
CVE-2024-10710 (YaDisk Files WordPress plugin) affects YaDisk Files up to version 1.2.5. Red Hat and other sources confirm the issue: the plugin does not sanitise/escape certain settings, enabling Stored XSS by high-privilege users (admin) even when unfiltered_html is disallowed. Technical de...
PT-2024-38048
Name of the Vulnerable Software and Affected Versions: WPForms versions prior to 1.9.1.6. Description: The issue allows high privilege users, such as Admin, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example in multisite setups. This i...
Exploit for Cross-site Scripting in Sensaphone Web600_Firmware
SENSAPHONE VULNERABILITY DISCLOSURE Summary In mid-Sep...
CVE-2024-7391
ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this vulnerability...
CVE-2024-7391 ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability
ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this vulnerability...
CVE-2024-7391
CVE-2024-7391 describes a BLE-based information disclosure in ChargePoint Home Flex during the Wi‑Fi setup flow. An attacker connected over Bluetooth Low Energy during setup can obtain Wi‑Fi credentials, enabling access to the owner’s Wi‑Fi network. The flaw is reported to require user interactio...
ChargePoint Home Flex Information Disclosure Vulnerability
ChargePoint Home Flex is a series of electric vehicle charging devices from ChargePoint USA. An information disclosure vulnerability exists in ChargePoint Home Flex, stemming from a Bluetooth Low Energy information disclosure in the Wi-Fi setup logic, which could lead to a network-adjacent...
The vulnerability in the scmi_debugfs_common_setup() function in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the scmi_debugfs_common_setup() function in the drivers/firmware/arm_scmi/driver.c file of the Linux kernel is a double free (releasing memory that was already released). Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
Exploit for CVE-2024-4439
CVE-2024-4439 CVE-2024-4439: Docker and POC Lab Setting...
CVE-2024-9768
The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-29292
Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters...
CVE-2024-10127
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration...
CVE-2024-29292
CVE-2024-29292 affects Kasda LinkSmart Router KW6512,
SUSE CVE-2024-49502
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting', XSS) vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
wordpress-really-simple-security-authn-bypass-vulnerable-appli...
CVE-2024-52429
Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows uploading a web shell to a web server. This issue affects WP Quick Setup: from n/a through 2.0...
CVE-2024-52429 WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup (wp-quick-setup) allows uploading a web shell to a web server. This issue affects WP Quick Setup: from n/a through <= 2.0...