Aggregator

CVE-2006-4267 | Devellion CubeCart up to 3.0.11 confirmed.php x_invoice_num sql injection (EDB-2198 / Nessus ID 22231)

Vuldb Updates
4 months 4 weeks ago
A vulnerability identified as critical has been detected in Devellion CubeCart up to 3.0.11. This impacts an unknown function of the file gateway/Protx/confirmed.php. Performing manipulation of the argument x_invoice_num results in sql injection. This vulnerability is reported as CVE-2006-4267. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2006-4267 | CubeCart confirmed.php x_invoice_num sql injection (EDB-2198 / Nessus ID 22231)

Vuldb Updates
4 months 4 weeks ago
A vulnerability was found in CubeCart. It has been rated as critical. This affects an unknown function of the file gateway/Authorize/confirmed.php. The manipulation of the argument x_invoice_num leads to sql injection. This vulnerability is referenced as CVE-2006-4267. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2006-4267 | CubeCart admin/login.php email cross site scripting (EDB-2198 / Nessus ID 22231)

Vuldb Updates
4 months 4 weeks ago
A vulnerability categorized as problematic has been discovered in CubeCart. This impacts an unknown function of the file admin/login.php. The manipulation of the argument email results in basic cross site scripting. This vulnerability is identified as CVE-2006-4267. The attack can be executed remotely. Additionally, an exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-8394 | Productive Style Plugin up to 1.1.23 on WordPress Shortcode display_productive_breadcrumb cross site scripting (EUVD-2025-29677 / CNNVD-202509-2832)

Vuldb Updates
4 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in Productive Style Plugin up to 1.1.23 on WordPress. Affected by this issue is the function display_productive_breadcrumb of the component Shortcode Handler. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-8394. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2025-10143 | Catch Dark Mode Plugin up to 2.0 on WordPress Shortcode catch_dark_mode file inclusion (EUVD-2025-29676 / CNNVD-202509-2835)

Vuldb Updates
4 months 4 weeks ago
A vulnerability categorized as critical has been discovered in Catch Dark Mode Plugin up to 2.0 on WordPress. This issue affects the function catch_dark_mode of the component Shortcode Handler. The manipulation results in file inclusion. This vulnerability is known as CVE-2025-10143. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2025-10166 | tw2113 Social Media Shortcodes Plugin up to 1.3.1 on WordPress Shortcode cross site scripting (EUVD-2025-29678 / CNNVD-202509-2834)

Vuldb Updates
4 months 4 weeks ago
A vulnerability was found in tw2113 Social Media Shortcodes Plugin up to 1.3.1 on WordPress. It has been classified as problematic. This issue affects the function Media of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-10166. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2025-10050 | Developer Loggers for Simple History Plugin up to 0.5 on WordPress enabled_loggers file inclusion (EUVD-2025-29674 / CNNVD-202509-2836)

Vuldb Updates
4 months 4 weeks ago
A vulnerability classified as problematic has been found in Developer Loggers for Simple History Plugin up to 0.5 on WordPress. This impacts an unknown function. The manipulation of the argument enabled_loggers leads to file inclusion. This vulnerability is referenced as CVE-2025-10050. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

0-Click ChatGPT Agent Vulnerability Allows Sensitive Data Exfiltration from Gmail

Cyber Security News
4 months 4 weeks ago

A zero-click vulnerability discovered in ChatGPT’s Deep Research agent allowed attackers to exfiltrate sensitive data from a user’s Gmail account without any user interaction. The flaw, which OpenAI has since patched, leveraged a sophisticated form of indirect prompt injection hidden within an email, tricking the agent into leaking personal information directly from OpenAI’s cloud infrastructure. […]

The post 0-Click ChatGPT Agent Vulnerability Allows Sensitive Data Exfiltration from Gmail appeared first on Cyber Security News.

Guru Baran

CVE-2022-50301 | Linux Kernel up to 6.0.2 omap2_iommu_dump_ctx len buffer overflow (Nessus ID 265266)

Vuldb Updates
4 months 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.0.2 and classified as critical. Affected is the function omap2_iommu_dump_ctx. The manipulation of the argument len results in buffer overflow. This vulnerability was named CVE-2022-50301. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

Managed ad