7884 matches found
CVE-2023-29961
D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,...
D-Link DIR-605L buffer error vulnerability
The D-Link DIR-605L is a wireless router from China's AUO D-Link. The D-Link DIR-605L version 1.17B01 BETA suffers from a stack buffer overflow vulnerability due to incorrect boundary checking in /goform/formTcpipSetup. An attacker could exploit this vulnerability to cause a buffer overflow and...
CVE-2023-0892
The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2023-1839
The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example...
CVE-2023-2009
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2023-1839 Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting
The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example...
CVE-2023-2009 Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2023-0892 BizLibrary <= 1.1 - Admin+ Stored XSS
The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
Stop Spammers Security < 2023 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup. PoC: Put the payload below in any of the "Challenge...
The vulnerabilities of the functions arch_efi_call_virt_setup() and arch_efi_call_virt_teardown() in the arch/arm64/include/asm/efi.h file of the Extensible Firmware Interface (EFI) subsystem of the Linux operating system allow a malicious actor to execute arbitrary code.
The vulnerability of the functions arch_efi_call_virt_setup() and arch_efi_call_virt_teardown() in the arch/arm64/include/asm/efi.h module of the Extensible Firmware Interface (EFI) subsystem of the Linux operating system is related to insufficient serialization. Exploiting this vulnerability could allow an...
DBargain <= 3.0.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
Get Your Number <= 1.1.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup. PoC: 1. In the plugin's settings, enter the payload...
Security vulnerability in multiple Canon products
Canon imageCLASS MF644Cdw is a smart and efficient 3-in-1 color multifunction printer from Canon Japan. A security vulnerability exists in Canon Laser Printer, Inkjet Printer, and Small Office Multifunctional Printers that originates from the ability to install arbitrary files in the Setup Data...
PT-2023-7612 · Qualcomm · Qualcomm Embedded Platform
Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform (affected versions not specified). Description: The issue is related to a software vulnerability in Qualcomm's embedded platforms, specifically concerning insufficient input validation when receiving RRC setup messages...
Intel Setup and Configuration Software security vulnerability
Intel Setup and Configuration Software (Intel SCS) is a modular, cross-platform experience from Intel Corporation USA. Discover, enable, and manage Intel features in your organization securely. A security vulnerability exists in Intel Setup and Configuration Software. An attacker could exploit the...
CVE-2023-0894
The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
Cross site scripting
The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
CVE-2023-1649 ChatBot < 4.5.1 - Admin+ Stored XSS
The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape many of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2023-0894 Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS
The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...