CVE-2024-57784

CVE-2024-57784

Título es
CVE-2024-57784

Jue, 16/01/2025 – 23:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-57784

Descripción en
An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.

17/01/2025
17/01/2025
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://gist.github.com/s4fv4n/8cc4e4cb6fd028e803898837b73aa342

    • Enviar en el boletín
    Off

    CVE-2024-57703

    CVE-2024-57703

    Título es
    CVE-2024-57703

    Jue, 16/01/2025 – 23:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57703

    Descripción en
    Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow.

    17/01/2025
    17/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Pr0b1em/IoT/blob/master/Tenda%20AC8v4%20V16.03.34.06.md

    • Enviar en el boletín
    Off

    CVE-2025-23808

    CVE-2025-23808

    Título es
    CVE-2025-23808

    Jue, 16/01/2025 – 21:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23808

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in Matt van Andel Custom List Table Example allows Reflected XSS.This issue affects Custom List Table Example: from n/a through 1.4.1.

    16/01/2025
    16/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/custom-list-table-example/vulnerability/wordpress-custom-list-table-example-plugin-1-4-1-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-23807

    CVE-2025-23807

    Título es
    CVE-2025-23807

    Jue, 16/01/2025 – 21:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23807

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jimmy Hu Spiderpowa Embed PDF allows Stored XSS.This issue affects Spiderpowa Embed PDF: from n/a through 1.0.

    16/01/2025
    16/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/spiderpowa-embed-pdf/vulnerability/wordpress-spiderpowa-embed-pdf-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-23821

    CVE-2025-23821

    Título es
    CVE-2025-23821

    Jue, 16/01/2025 – 21:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23821

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in Aleapp WP Cookies Alert allows Cross Site Request Forgery.This issue affects WP Cookies Alert: from n/a through 1.1.1.

    16/01/2025
    16/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/wp-cookies-alert/vulnerability/wordpress-wp-cookies-alert-plugin-1-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-23820

    CVE-2025-23820

    Título es
    CVE-2025-23820

    Jue, 16/01/2025 – 21:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23820

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in Laxman Thapa Content Security Policy Pro allows Cross Site Request Forgery.This issue affects Content Security Policy Pro: from n/a through 1.3.5.

    16/01/2025
    16/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/content-security-policy-pro/vulnerability/wordpress-content-security-policy-pro-plugin-1-3-5-csrf-to-stored-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-23818

    CVE-2025-23818

    Título es
    CVE-2025-23818

    Jue, 16/01/2025 – 21:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23818

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in Peggy Kuo More Link Modifier allows Stored XSS.This issue affects More Link Modifier: from n/a through 1.0.3.

    16/01/2025
    16/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/more-link-modifier/vulnerability/wordpress-more-link-modifier-plugin-1-0-3-csrf-to-cross-site-scripting-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-23817

    CVE-2025-23817

    Título es
    CVE-2025-23817

    Jue, 16/01/2025 – 21:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23817

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in Mahadir Ahmad MHR-Custom-Anti-Copy allows Stored XSS.This issue affects MHR-Custom-Anti-Copy: from n/a through 2.0.

    16/01/2025
    16/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/mhr-custom-anti-copy/vulnerability/wordpress-mhr-custom-anti-copy-plugin-2-0-csrf-to-stored-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-23816

    CVE-2025-23816

    Título es
    CVE-2025-23816

    Jue, 16/01/2025 – 21:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23816

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4.

    16/01/2025
    16/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/mtphr-widgets/vulnerability/wordpress-metaphor-widgets-plugin-2-4-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-23815

    CVE-2025-23815

    Título es
    CVE-2025-23815

    Jue, 16/01/2025 – 21:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23815

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6.

    16/01/2025
    16/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/root-cookie/vulnerability/wordpress-root-cookie-plugin-1-6-csrf-to-stored-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off