CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22360 – WordPress WP Azure offload plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22360
17 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Azure offload allows Reflected XSS. This issue affects WP Azure offload: from n/a through 2.0. The WP Azure offload plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they ... • https://patchstack.com/database/wordpress/plugin/wp-azure-offload/vulnerability/wordpress-wp-azure-offload-plugin-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-25110 – Azure IoT Platform Device SDK Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-25110
12 Feb 2024 — The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. UAMQP es una librería C de uso general para AMQP 1.0. • https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24087 – Azure IoT CLI extension Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-24087
25 Feb 2021 — Azure IoT CLI extension Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en la extensión de la CLI Azure IoT • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24087 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 21%CPEs: 1EXPL: 3CVE-2017-6506 – Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-6506
07 Mar 2017 — In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string. En Azure Data Expert Ultimate 2.2.16, la función de verificación SMTP sufre una vulnerabilidad de desbordamiento de búfer, lo que lleva a una ejecución remota de código. El vector de ataque es un demonio SMTP manipulado que envía una cadena 220 larga (también conocida... • https://packetstorm.news/files/id/141502 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7876
https://notcve.org/view.php?id=CVE-2015-7876
21 Oct 2015 — The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function. La función escapeLike en sqlsrv/database.inc en el controlador de Drupal 7 para SQL Server y SQL Azure 7.x-1.x en versiones anteriores a 7.x-1.4 no escapa adecuadamente ciertos carácteres, lo que permite a atacantes remoto... • http://cgit.drupalcode.org/sqlsrv/commit/?id=2ea0da8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •