SEO Plugin by Squirrly SEO < 12.3.16 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5956 Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview

The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Chart Builder < 1.9.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Exploit for CVE-2023-47400

CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...

EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1131)

According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when...

Exploit for Injection in Atlassian Confluence_Data_Center

CVE-2023-22527: Atlassian Confluence Vulnerability Introdu...

The vulnerability of the Setup sub-component, part of the Admin component in Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, allows an attacker to gain access to read, modify, add, or delete data.

The vulnerability of the Setup sub-component and the Admin component of Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating...

WebSub (FKA. PubSubHubbub) < 3.2.0 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

CVE-2023-46889

Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network...

CVE-2023-42144

Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password...

Design/Logic Flaw

Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password...

Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center

CVE-2023-22518 Lỗ hổng Phân Quyền Không Chính Xác trong Conflu...

SolaX Pocket WiFi Security Vulnerability

SolaX Power SolaX Pocket WiFi is a portable WiFi from SolaX Power. A security vulnerability exists in SolaX Pocket WiFi version 3 through 3.001.02, which originates from an attacker being able to obtain a plaintext copy of the device's network configuration during device setup and reconfiguration...

Shelly TRV Security Vulnerability

Shelly TRV is a Wi-Fi connected radiator thermostat from Shelly. A security vulnerability exists in Shelly TRV version 20220811-152343 v.2.1.8, which stems from a plaintext transmission during initial setup that allows a local attacker to obtain the Wi-Fi password...

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

PT-2024-13386 · Meross · Meross Msh30Q

Name of the Vulnerable Software and Affected Versions: Meross MSH30Q version 4.5.23 Description: The issue concerns the transmission of sensitive information in cleartext during the device setup phase. When setting up the device, it creates an unprotected Wi-Fi access point and requires the user ...

PT-2024-13034 · Allterco · Shelly Trv

Name of the Vulnerable Software and Affected Versions: Shelly TRV version 2.1.8 Description: The issue allows a local attacker to obtain the Wi-Fi password due to cleartext transmission during the initial setup. Recommendations: For Shelly TRV version 2.1.8, update to a version that addresses the...

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...