1453 matches found
CVE-2026-0555
The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the premmerce_wizard_actions AJAX endpoint in all versions up to and including 1.3.20. The root cause is missing capability checks and insufficient input sanitization and output escaping on the state parameter, en...
PT-2026-6887
Name of the Vulnerable Software and Affected Versions Premmerce plugin for WordPress versions up to and including 1.3.20 Description The Premmerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the premmerce wizard actions API endpoint. The issue stems from a lack of...
CVE-2020-37150
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizardreboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without...
CVE-2020-37150
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizardreboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without...
CVE-2020-37150
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizardreboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without...
EUVD-2020-31042
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizardreboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without...
CVE-2020-37150 Edimax Technology EW-7438RPn-v3 Mini 1.27 - Unauthorized Access: Wi-Fi Password Disclosure
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizardreboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without...
CVE-2020-37150
Affected software: Edimax EW-7438RPn-v3 Mini, version 1.27. The vulnerability allows unauthenticated attackers to access the /wizard_reboot.asp endpoint in unsetup mode, disclosing the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by issuing a GET request to this endpo...
WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability
Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin LC Wizard versions = 2.1.1...
Edimax EW-7438RPn-v3 Mini 安全漏洞
The Edimax EW-7438RPn-v3 Mini is a mini wireless signal extender produced by Edimax of Taiwan, China. Version 1.27 of the Edimax EW-7438RPn-v3 Mini contains a security vulnerability. This vulnerability allows unverified attackers to access the /wizardreboot.asp page, potentially leading to the...
PT-2026-6590
Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn-v3 Mini version 1.27 Description The Edimax EW-7438RPn-v3 Mini version 1.27 allows unauthenticated attackers to access the /wizard reboot.asp API endpoint in unsetup mode. This access discloses the Wi-Fi SSID and security key...
📄 Nagios XI Monitoring Wizard Command Injection
Nagios XI is a widely used enterprise monitoring solution. A vulnerability exists within the Monitoring Wizard configuration page where the database parameter is unsafely passed into backend operations. Authenticated users can exploit this to execute arbitrary system commands, allowing full remot...
CVE-2020-37075
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler SEH overwrite and execute shellcode when...
CVE-2020-37074
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler SEH bypass and execute shellcode when...
CVE-2020-37075 LanSend 3.2 - Buffer Overflow (SEH)
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler SEH overwrite and execute shellcode when...
CVE-2020-37075
Affected software: LanSend 3.2. Vulnerability: Buffer overflow in the Add Computers Wizard file import functionality. This allows overwriting Structured Exception Handler (SEH) and executing shellcode when importing a crafted payload file. Impact: Remote code execution with high impact to confide...
CVE-2020-37075 LanSend 3.2 - Buffer Overflow (SEH)
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler SEH overwrite and execute shellcode when...
CVE-2020-37075
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler SEH overwrite and execute shellcode when...
CVE-2020-37074
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler SEH bypass and execute shellcode when...
CVE-2020-37074 Remote Desktop Audit 2.3.0.157 - Buffer Overflow (SEH)
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler SEH bypass and execute shellcode when...