6 matches found
CVE-2026-22781
TinyWeb is an HTTP/HTTPS web server written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...
CVE-2026-22781 TinyWeb CGI Command Injection
TinyWeb is an HTTP/HTTPS web server written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...
CVE-2024-7149
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, t...
PT-2024-38111 · WordPress · Eventin
Name of the Vulnerable Software and Affected Versions: Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress versions up to, and including, 4.0.8 Description: The Eventin plugin for WordPress is vulnerable to Local File Inclusion via multiple style parameters. This...
Mail.ru: XSS in an email, in the email body.
Hello! The XSS triggers on e.mail.ru, m.mail.ru, light.mail.ru and in the mobile app. The vulnerability is present in the style parameters, in ...here... it triggers if the characters are escaped. The working vector here is single backslashes; in the example further below the hosting truncated them to single ones: i\\ Sending...
Apple WebKit / Safari DoS
Crash on SVG style parameters parsing...