๐จ CVE-2023-26320
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
๐@cveNotify
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
๐@cveNotify
Mi
Xiaomi Security Center
Xiaomi Product Security Center provides users and partners of Xiaomi with detailed information on the security status of our smartphones and IoT products, including product security advisories and notices, security updates and support information, and securityโฆ
๐จ CVE-2023-26315
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.
๐@cveNotify
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.
๐@cveNotify
Mi
ไบงๅๅฎๅ
จไธญๅฟ
ๅฐ็ฑณไบงๅๅฎๅ
จไธญๅฟไธบๅฐ็ฑณ็็จๆทๅๅไฝไผไผดๆไพไบ่ฏฆ็ป็ๆๅ
ณๆบ่ฝๆๆบๅIoTไบงๅๅฎๅ
จ็ถๅต็ไฟกๆฏ๏ผ่ฆ็ไบงๅๅฎๅ
จๅปบ่ฎฎไธๅ
ฌๅใๅฎๅ
จๆดๆฐไธๆฏๆๆ
ๅต๏ผไปฅๅๅฎๅ
จๆผๆดๅๅบ่งๅใ
๐จ CVE-2024-45277
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.
๐@cveNotify
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.
๐@cveNotify
๐จ CVE-2024-3506
A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions.
๐@cveNotify
A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions.
๐@cveNotify
๐จ CVE-2024-8422
CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial
of service and loss of confidentiality & integrity when application user opens a malicious Zelio
Soft 2 project file.
๐@cveNotify
CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial
of service and loss of confidentiality & integrity when application user opens a malicious Zelio
Soft 2 project file.
๐@cveNotify
๐จ CVE-2024-8433
The Easy Mega Menu Plugin for WordPress โ ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โthemehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added.
๐@cveNotify
The Easy Mega Menu Plugin for WordPress โ ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โthemehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added.
๐@cveNotify
๐จ CVE-2024-8518
CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft
2 application when a specially crafted project file is loaded by an application user.
๐@cveNotify
CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft
2 application when a specially crafted project file is loaded by an application user.
๐@cveNotify
๐จ CVE-2024-8629
The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
๐@cveNotify
The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
๐@cveNotify
๐จ CVE-2024-8488
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
๐@cveNotify
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
๐@cveNotify
๐จ CVE-2024-8884
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that
could cause exposure of credentials when attacker has access to application on network over
http
๐@cveNotify
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that
could cause exposure of credentials when attacker has access to application on network over
http
๐@cveNotify
๐จ CVE-2024-9005
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be
remotely executed on the server when unsafely deserialized data is posted to the web server.
๐@cveNotify
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be
remotely executed on the server when unsafely deserialized data is posted to the web server.
๐@cveNotify
๐จ CVE-2024-9207
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
๐@cveNotify
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
๐@cveNotify
๐จ CVE-2024-8431
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles.
๐@cveNotify
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles.
๐@cveNotify
๐จ CVE-2024-8482
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โurlโ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โurlโ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
๐จ CVE-2023-40313
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
๐@cveNotify
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
๐@cveNotify
๐จ CVE-2018-9020
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.
๐@cveNotify
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.
๐@cveNotify
๐จ CVE-2018-0576
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
๐@cveNotify
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
๐@cveNotify
jvn.jp
JVN#85531148: WordPress plugin "Events Manager" vulnerable to cross-site scripting
Japan Vulnerability Notes
๐จ CVE-2018-13137
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
๐@cveNotify
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
๐@cveNotify
Blogspot
CVE-2018-13137 - XSS in The Events Manager
Exploit Author: Mohammed Ansari( ansaert@gmail.com ) LinkedIn: https://www.linkedin.com/in/ansaert/ Discovered Date: July 3 2018 Affe...
๐จ CVE-2015-9298
The events-manager plugin before 5.6 for WordPress has code injection.
๐@cveNotify
The events-manager plugin before 5.6 for WordPress has code injection.
๐@cveNotify
WordPress.org
Events Manager โ Calendar, Bookings, Tickets, and more!
Events calendar with bookings, scheduling, appointments, event registration, tickets, recurring events, and venue management.