Threat Feed

Tag

Web Application Vulnerability

4 briefs
high advisory

CVE-2018-25326: Google Drive for WordPress Path Traversal Vulnerability

Google Drive for WordPress 2.2 is vulnerable to path traversal (CVE-2018-25326), allowing unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter.

Google Drive for WordPress 2.2 path traversal wordpress CVE-2018-25326 web application vulnerability
medium advisory

Pega Platform Vulnerability Allows Cross-Site Scripting

A remote, anonymous attacker can exploit a vulnerability in Pega Platform to perform a cross-site scripting (XSS) attack, potentially leading to session hijacking or malicious script execution in a user's browser.

Pega Platform cross-site scripting web application vulnerability
medium advisory

Proticaret E-Commerce Reflected XSS Vulnerability (CVE-2026-3953)

A reflected cross-site scripting (XSS) vulnerability exists in Gosoft Software Industry and Trade Ltd. Co.'s Proticaret E-Commerce software (versions from v5.0.0 before v6.0.1767.1383) due to improper neutralization of input during web page generation, potentially allowing attackers to execute arbitrary JavaScript in a user's browser.

Proticaret E-Commerce xss cross-site scripting reflected xss web application vulnerability
critical threat

Shenzhen Libituo Technology LBT-T300-HW1 Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in Shenzhen Libituo Technology LBT-T300-HW1 version 1.2.8 and earlier, allowing remote attackers to execute arbitrary code by manipulating the Channel/ApCliSsid argument in the start_lan function of the /apply.cgi file.

LBT-T300-HW1 buffer overflow remote code execution web application vulnerability