CVE-2025-25453
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. Assigner : cve@mitre.org More information : https://gist.github.com/xyqer1/84dc6d8b3f92597d1d597b2799c2c45f
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. Assigner : cve@mitre.org More information : https://gist.github.com/xyqer1/d195ea1eb37ba1cc5f709b1d4fc1a2c6
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6, unsanitized search param names cause an XSS vulnerability. You are affected if you iterate over all entries of...
Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys,...
RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function. Assigner : cve@mitre.org More information : https://gist.github.com/xyqer1/6145c00a51093baad7ab5b8293a06e80
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in covertnine C9 Blocks allows DOM-Based XSS. This issue affects C9 Blocks: from n/a through 1.7.7. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/c9-blocks/vulnerability/wordpress-c9-blocks-plugin-1-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve
Unauthenticated attackers can send configuration settings to the device and possibly perform physical actions remotely (e.g., on/off). Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in burgersoftware SpaBiz allows DOM-Based XSS. This issue affects SpaBiz: from n/a through 1.0.18. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/theme/spabiz/vulnerability/wordpress-spabiz-plugin-1-0-18-cross-site-scripting-xss-vulnerability?_s_id=cve
Missing Authorization vulnerability in NotFound JetMenu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetMenu: from n/a through 2.4.9. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/jet-menu/vulnerability/wordpress-jetmenu-2-4-9-broken-access-control-vulnerability?_s_id=cve
Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-path-traversal-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Advanced Custom Fields: Link Picker Field allows Reflected XSS. This issue affects Advanced Custom Fields: Link Picker Field: from n/a through...
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/sign-up-sheets/vulnerability/wordpress-sign-up-sheets-plugin-2-3-0-1-shortcode-injection-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve