780 matches found
CVE-2025-40710 Host Header Injection (HHI) in the Hotspot Shield VPN client
Host Header Injection HHI vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Ho...
Intersections Hotspot Shield VPN 注入漏洞
Intersections Hotspot Shield VPN is a virtual private network VPN service product from Intersections, Inc. Intersections Hotspot Shield VPN suffers from an injection vulnerability that stems from an injection issue in the processing of the Host header, which could result in request redirection or...
PT-2025-27434 · Unknown · Hotspot Shield Vpn
Name of the Vulnerable Software and Affected Versions: Hotspot Shield VPN client affected versions not specified Description: The issue concerns a Host Header Injection HHI vulnerability, which can cause unexpected behavior when accessing third-party web applications through the VPN tunnel. This...
CVE-2025-5926 Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the linkshieldmenuoptions function. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-5926
The CVE-2025-5926 entry concerns the Link Shield WordPress plugin. Connected sources confirm a Cross-Site Request Forgery weakness due to missing nonce validation in link_shield_menu_options(), enabling unauthenticated requests to update settings and inject stored scripts. Affected versions are u...
CVE-2025-5926 Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the linkshieldmenuoptions function. This makes it possible for unauthenticated attackers to update settings and...
PT-2025-25376 · WordPress · Link Shield
Name of the Vulnerable Software and Affected Versions: The Link Shield plugin for WordPress versions up to, and including, 0.5.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the link shield menu options function. This allows...
WordPress plugin Link Shield 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2024-7825
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
CVE-2024-7826
Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrURL.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
CVE-2023-48708
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...
CVE-2023-27580
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability...
CVE-2021-1069
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss...
CVE-2021-26276
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
CVE-2021-1068
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges...
CVE-2021-27189
The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation...
CVE-2021-1067
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges...
CVE-2010-5176
Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...
CVE-2019-5699
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, co...
CVE-2019-5681
NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure...