7892 matches found
CVE-2024-4753
The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3112
The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2024-0974
The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2696 Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2696 Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-0974 Social Media Widget < 4.0.9 - Admin+ Stored XSS
The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29683)
D-Link DAP-2622 is a wireless access point AP from AUO D-Link that supports POE power supply and is mainly used for wireless network coverage in enterprise or commercial scenarios. The D-Link DAP-2622 suffers from a stack buffer overflow remote code execution vulnerability, which stems from a...
D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29682)
D-Link DAP-2622 is a wireless access point AP from AUO D-Link that supports POE power supply and is mainly used for wireless network coverage in enterprise or commercial scenarios. The D-Link DAP-2622 suffers from a stack buffer overflow remote code execution vulnerability, which stems from a...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the memblock component failing to properly warn about the use of MAXNUMNODES when setting up nodes...
CVE-2024-6138
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...
(Pwn2Own) Synology RT6600ax Improper Access Control Firewall Bypass Vulnerability
This vulnerability allows remote attackers to bypass firewall rules and access the LAN interface on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of firewall rules. The issue results from...
CVE-2024-3410
The DN Footer Contacts WordPress plugin (DN Footer Contacts) has a stored XSS vulnerability in versions prior to 1.6.3 due to insufficient sanitization/escaping of certain settings. The issue could allow high-privilege users (e.g., admins) to execute Stored XSS, potentially in multisite setups wh...
CVE-2024-39934
Robotmk before 2.0.1 allows a local user to escalate privileges e.g., to SYSTEM if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment...
CVE-2024-39934
Robotmk before 2.0.1 allows a local user to escalate privileges e.g., to SYSTEM if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment...
Exploit for Race Condition in Openbsd Openssh
0.省流 这本质上是一种统计漏洞:需要进行大量尝试才能赢得竞争条件并成功执行任意代码,攻击者需要克服很多障碍,”Schwa...
PT-2024-28742 · Robotmk · Robotmk
Name of the Vulnerable Software and Affected Versions: Robotmk versions prior to 2.0.1 Description: The issue allows a local user to escalate privileges, for example, to SYSTEM, if automated Python environment setup is enabled. This is due to the "shared holotree usage" feature, which allows any...
CVE-2024-4627 Rank Math SEO < 1.0.219 - Authenticated Stored XSS
The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin...
CVE-2024-6130
The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6130
The CVE-2024-6130 entry concerns The Form Maker by 10Web WordPress plugin prior to version 1.15.26, where certain settings are not properly sanitised/escaped. The Red Hat and CVE databases confirm this can enable Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disa...
USN-6851-1 netplan.io vulnerabilities
Andreas Hasenack discovered that netplan incorrectly handled the permissions for netdev files containing wireguard configuration. An attacker could use this to obtain wireguard secret keys. It was discovered that netplan configuration could be manipulated into injecting arbitrary commands while...