119 matches found
Thai Palliative SQL注入漏洞
Thai Palliative is a modified version of the PHP framework developed by DAMASAC KKU. Versions of Thai Palliative 3.0 and earlier have a SQL injection vulnerability. This vulnerability arises from the lack of cleaning or parameterization of the idFormMain parameter and the id parameter, which may...
Thai Palliative 安全漏洞
Thai Palliative is a modified version of the PHP framework developed by DAMASAC KKU. Versions of Thai Palliative 3.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the fact that the parameters idFormMain, id, and ptidkey were passed as raw user input in the...
Analysis of Personal Data Exposure in Thailand
In the digital era, personal data, particularly sensitive identifiers such as the Social Security Number and National Identification Number, have become a highly valuable asset, raising significant concerns regarding privacy and security. This study examines the risks associated with the online...
Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The...
CVE-2022-37185
SQL injection vulnerability exists in the school information query interface repschoolproj.php of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage...
CVE-2025-13678
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...
CVE-2025-13678
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...
EUVD-2025-201398
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...
CVE-2025-13678 Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...
CVE-2025-13678 Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...
CVE-2025-13678
CVE-2025-13678 : The Thai Lottery Widget WordPress plugin is vulnerable to authenticated Stored Cross-Site Scripting via the thailottery shortcode in all versions up to and including 2.5 due to insufficient sanitization of width and height attributes. Attackers with Contributor-level access or hi...
WordPress plugin Thai Lottery Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Thai Lottery Widget plugin <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peerapat Samatathanyakorn in WordPress Plugin Thai Lottery Widget versions = 2.5...
Malicious code in guras-asia-thai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60190b628dcfcf72fd62afbcafa8ffd4cf81aabfbb1791fd3bdcc2626d700fb5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-28352
Malicious code in bioql PyPI...
WordPress Alone theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability
Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability discovered by Thái An in WordPress Theme Alone versions = 7.8.3...
Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques
Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior...
WordPress SeedProd Pro plugin < 6.18.13 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Ngô Thái An Patchstack Alliance in WordPress Plugin SeedProd Pro versions 6.18.13...
GHSA-FQ54-2J52-JC42 Next.js Denial of Service (DoS) condition
Impact A Denial of Service DoS condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. This vulnerability can affect all Next.js deployments on the affected versions. Patches This vulnerability was resolved in Next.js 13.5 and...
Next.js Denial of Service (DoS) condition
Impact A Denial of Service DoS condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. This vulnerability can affect all Next.js deployments on the affected versions. Patches This vulnerability was resolved in Next.js 13.5 and...