36 matches found
EUVD-2022-53503
Malicious code in bioql PyPI...
CVE-2025-49425
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg konami-easter-egg allows Stored XSS. This issue affects Konami Easter Egg: from n/a through = v0.4...
CVE-2025-49425
CVE-2025-49425 concerns the Konami Easter Egg WordPress plugin. According to the provided documents, it involves a Cross-Site Request Forgery (CSRF) vulnerability that enables Stored XSS in the Konami Easter Egg feature (v0.4 and earlier). The exploit details are not publicly provided beyond this...
Alphion ASEE-1443 security vulnerability
The Alphion ASEE-1443 is a wireless router from Alphion. A security vulnerability exists in the Alphion ASEE-1443 version v0.4.H.00.02.15, which stems from a misconfiguration of the default DNS suffix, which could lead to the disclosure of sensitive information...
GHSA-4JMM-C6JW-G796 Filestash configured to skip TLS certificate verification when using the FTPS protocol
filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...
CVE-2024-41258
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41255
filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...
CVE-2024-41256
Default configurations in the ShareProofVerifier function of filestash v0.4 cause the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack...
CVE-2024-41256
CVE-2024-41256 concerns filestash v0.4, where default configurations in the ShareProofVerifier can skip TLS certificate verification when sending email verification codes. This creates a potential for a man-in-the-middle to access sensitive data through tampered or intercepted email communication...
CVE-2024-41258
The CVE-2024-41258 issue affects filestash v0.4, where the code uses ssh.InsecureIgnoreHostKey(), which disables host key verification. This configuration can allow a man-in-the-middle attacker to potentially access sensitive information. The issue is documented across multiple sources (Red Hat, ...
CVE-2024-41255
Summary: Filestash v0.4 is configured to skip TLS certificate verification when using FTPS, potentially allowing a man‑in‑the‑middle attack via the Init function of index.go. Root cause: insecure TLS validation (InsecureSkipVerify style setting) leads to certificate trust bypass. Impact: high ris...
NanoCMS 0.4 Remote Code Execution
Exploit Title: NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated); Date: 2022-07-26; Exploit Author: p1ckzi; Vendor Homepage: https://github.com/kalyan02/NanoCMS; Version: NanoCMS v0.4; Tested on: Linux Mint 20.3; CVE: N/A; Description: this script uploads a php reverse shell to the target. NanoCMS...
CVE-2022-32324
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc...
CVE-2022-32324
PDFAlto v0.4 is affected by a heap buffer overflow in the component /pdfalto/src/pdfalto.cc. The CVE-2022-32324 entry documents this vulnerability with a high/severe impact (CVSSv2 base 7.5, CVSSv3 base 9.8) and network attack vector with no authentication, but no public exploitation details or r...