
CVE-2024-52812 – LF Edge eKuiper has Stored XSS in Rules Functionality
https://notcve.org/view.php?id=CVE-2024-52812
10 Mar 2025 — LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, a user with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, when any user with access to this service (e.g. admin) tries to make any modification to the rule (update, run, stop, delete), the payload runs in the victim's browser. Version 2.0.8 fixes the issue. • https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L681 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-1638 – Alloggio Membership <= 1.1 - Authentication Bypass via Social Login Account Takeover
https://notcve.org/view.php?id=CVE-2025-1638
28 Feb 2025 — The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity through the alloggio_membership_init_rest_api_facebook_login and alloggio_membership_init_rest_api_google_login functions. This makes it possible for unauthenticated attackers to log in as any user, including administrators, without knowing a password. • https://themeforest.net/item/alloggio-hotel-booking-theme/26775539 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2024-43406 – LF Edge eKuiper has a SQL Injection in sqlKvStore
https://notcve.org/view.php?id=CVE-2024-43406
20 Aug 2024 — LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constrained edge devices. A user could exploit SQL injection to execute a malicious SQL query via the Get method in sqlKvStore. This vulnerability is fixed in 1.14.2. • https://github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-34376 – WordPress Edge theme <= 2.0.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34376
03 May 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS. This issue affects Edge: from n/a through 2.0.9. The Edge theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and includi... • https://patchstack.com/database/vulnerability/edge/wordpress-edge-theme-2-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-25068 – Magazine Edge <= 1.13 - Authenticated (Subscriber+) Arbitrary Plugin Activation
https://notcve.org/view.php?id=CVE-2023-25068
02 Feb 2023 — The Magazine Edge theme for WordPress is vulnerable to authorization bypass in versions up to, and including 1.13, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins. • CWE-862: Missing Authorization •

CVE-2019-6288
https://notcve.org/view.php?id=CVE-2019-6288
22 Sep 2021 — Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. • https://twitter.com/r00treaver/status/1232407881464635401 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2016-10644
https://notcve.org/view.php?id=CVE-2016-10644
04 Jun 2018 — slimerjs-edge is an npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or positioned in between the user and the remote server. • https://nodesecurity.io/advisories/243 • CWE-310: Cryptographic Issues • CWE-311: Missing Encryption of Sensitive Data •

CVE-2007-0632
https://notcve.org/view.php?id=CVE-2007-0632
31 Jan 2007 — SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. • http://osvdb.org/36634 •

CVE-2007-0560 – ASP EDGE 1.2b - 'user.asp' SQL Injection
https://notcve.org/view.php?id=CVE-2007-0560
30 Jan 2007 — SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. • https://www.exploit-db.com/exploits/3186 •

CVE-2006-3137
https://notcve.org/view.php?id=CVE-2006-3137
22 Jun 2006 — Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter. • http://pridels0.blogspot.com/2006/06/edge-ecommerce-shop-xss.html •