20 matches found
CVE-2025-12134 ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable
The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatepopupstatus function in all versions up to, and including, 2.3.11. This...
EUVD-2019-6312
Malware in sbrugna...
EUVD-2019-6313
Malware in sbrugna...
EUVD-2025-31818
Malicious code in bioql PyPI...
CVE-2025-9075
CVE-2025-9075 is a stored cross-site scripting vulnerability in the WordPress plugin ZoloBlocks (versions up to and including 2.3.10). The issue stems from insufficient input sanitization and output escaping on user-supplied attributes across multiple Gutenberg blocks (Google Maps markers, Lightb...
CVE-2025-60161
CVE-2025-60161: ZoloBlocks (ZoloBlocks plugin)
CVE-2025-53210
The CVE-2025-53210 entry concerns bdthemes ZoloBlocks
CVE-2019-15312
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an...
CVE-2019-15311
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command...
Unspecified vulnerability in Linkplay firmware
The Anker Zolo Halo is a smart speaker from Anker Philippines. A security vulnerability exists in the Linkplay firmware. An attacker can exploit the vulnerability to execute code...
Unspecified vulnerability in Linkplay firmware
The Anker Zolo Halo is a smart speaker from Anker Philippines. A security vulnerability exists in the Linkplay firmware. An attacker can exploit the vulnerability to execute code...
Unspecified vulnerability in Linkplay firmware
The Anker Zolo Halo is a smart speaker from Anker Philippines. A security vulnerability exists in the Linkplay firmware. An attacker can exploit the vulnerability to execute code...
CVE-2019-15311
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command...
CVE-2019-15312
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an...
Command injection
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command...
Command injection
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an...
CVE-2019-15312
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an...
CVE-2019-15312
Affected software: Zolo Halo devices running Linkplay firmware. Vulnerability: DNS rebinding combined with multiple /httpapi.asp endpoint command-execution issues could allow remote compromise from the Internet. Root cause: DNS rebinding exposure enabling exploitation of endpoint commands. Impact...
CVE-2019-15311
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command...
CVE-2019-15311
CVE-2019-15311 affects Zolo Halo devices via the Linkplay firmware. The vulnerability resides in the GoAhead web server running on port 80, with the /httpapi.asp endpoint exposing multiple command-execution flaws that enable LAN remote code execution. Multiple connected sources corroborate a GoAh...