230 matches found
CVE-2025-47659
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...
CVE-2025-47659
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...
CVE-2025-47659 WordPress WPBakery Visual Composer WHMCS Elements <= 1.0.4.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements allows Stored XSS. This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through 1.0.4.1...
CVE-2025-47659
CVE-2025-47659 corresponds to a stored XSS in WPBakery Visual Composer WHMCS Elements due to improper input neutralization during web page generation. Affected product: WPBakery Visual Composer WHMCS Elements, versions up to 1.0.4.1 (per CVE description). Base metrics indicate a Medium severity (...
CVE-2025-47659 WordPress WPBakery Visual Composer WHMCS Elements plugin <= 1.0.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...
WordPress plugin WPBakery Visual Composer WHMCS Elements 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
SAP NetWeaver Visual Composer Metadata Uploader Arbitrary File Upload
SAP NetWeaver Visual Composer Metadata Uploader is affected by an improper authorization vulnerability allowing an unauthenticated attacker to upload arbitrary files allowing to achieve a Remote Code Execution. No source data...
Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver
SAP-CVE-2025-31324 POC A tool to detect and exploit a critica...
Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324
On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...
Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324
On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...
Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver
Vulnerability and Indicator of Compromise IoC Scanner for CV...
VulnCheck KEV: CVE-2025-42999
SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content...
CVE-2025-46254
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.10.0...
SAP Netweaver Visual Composer Detection
Binary data sapnetweavervisualcomposerdetect.nbin...
The vulnerability of the MetadataUploader function in the Visual Composer tool of the SAP NetWeaver software integration platform allows a hacker to execute arbitrary code.
The vulnerability of the MetadataUploader function in the Visual Composer software integration platform of SAP NetWeaver lies in the ability to upload executable files without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially...
SAP NetWeaver Visual Composer Metadata Uploader Improper Authorization (CVE-2025-31324) (Direct Check)
Binary data sapnetweaverCVE-2025-31324.nbin...
CVE-2025-31324
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...
CVE-2025-31324 Missing Authorization check in SAP NetWeaver (Visual Composer development server)
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...
CVE-2025-31324 Missing Authorization check in SAP NetWeaver (Visual Composer development server)
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...
CVE-2025-31324
CVE-2025-31324 affects SAP NetWeaver Visual Composer Metadata Uploader (VCFRAMEWORK). Unauthenticated uploads to /developmentserver/metadatauploader allow remote code execution with SAP service user privileges (RCE in VCFRAMEWORK) and can compromise confidentiality, integrity, and availability. C...