CVE-2025-22826 – WordPress Sell Digital Downloads plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22826
07 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce, wp.insider Sell Digital Downloads allows Stored XSS. This issue affects Sell Digital Downloads: from n/a through 2.2.7. The Sell Digital Downloads plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and... • https://patchstack.com/database/wordpress/plugin/sell-digital-downloads/vulnerability/wordpress-sell-digital-downloads-plugin-2-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-8475 – Protection Mechanism Failure in Digital Operation Services' WiFiBurada
https://notcve.org/view.php?id=CVE-2024-8475
17 Dec 2024 — Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5. • https://www.usom.gov.tr/bildirim/tr-24-1888 • CWE-302: Authentication Bypass by Assumed-Immutable Data • CWE-799: Improper Control of Interaction Frequency
CVE-2024-8429 – Improper Authentication in Digital Operation Services' WiFiBurada
https://notcve.org/view.php?id=CVE-2024-8429
17 Dec 2024 — Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5. • https://www.usom.gov.tr/bildirim/tr-24-1888 • CWE-201: Insertion of Sensitive Information Into Sent Data • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2024-51114
https://notcve.org/view.php?id=CVE-2024-51114
03 Dec 2024 — An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file. • https://github.com/ZackSecurity/VulnerReport/blob/cve/DCN/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-51836 – WordPress Wezido plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51836
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Teconce Wezido allows DOM-Based XSS. This issue affects Wezido: from n/a through 1.2. The Wezido plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execut... • https://patchstack.com/database/vulnerability/wezido-elementor-addon-based-on-easy-digital-downloads/wordpress-wezido-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49242 – WordPress Digital Lottery plugin <= 3.0.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49242
14 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server. This issue affects Digital Lottery: from n/a through 3.0.5. The Digital Lottery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type va... • https://patchstack.com/database/vulnerability/digital-lottery/wordpress-digital-lottery-plugin-3-0-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-22170 – Unchecked buffer in Dynamic DNS client
https://notcve.org/view.php?id=CVE-2024-22170
26 Sep 2024 — Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers. This issue affects My Cloud: before 5.29.102. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP responses provided to the ddns-start program. The iss... • https://www.westerndigital.com/support/product-security/wdc-24005-western-digital-my-cloud-os-5-firmware-5-29-102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-8585 – LEARNING DIGITAL Orca HCM - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2024-8585
09 Sep 2024 — Orca HCM from LEARNING DIGITAL does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8042-f9f26-2.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-8327 – HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - SQL injection
https://notcve.org/view.php?id=CVE-2024-8327
30 Aug 2024 — Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents. • https://www.twcert.org.tw/en/cp-139-8032-a3d5c-2.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-42905
https://notcve.org/view.php?id=CVE-2024-42905
28 Aug 2024 — Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file. • https://github.com/ZackSecurity/VulnerReport/blob/cve/DCN/1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')