Vulmon
st vulnerabilities and exploits
NA
CVE-2023-2995
The Leyka WordPress plugin prior to 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup...
Te-st Leyka
NA
CVE-2023-33325
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions.
Te-st Leyka
NA
CVE-2023-27450
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.
Te-st Leyka
NA
CVE-2023-39314
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.2 versions.
Te-st Leyka
570
VMScore
CVE-2003-0392
Directory traversal vulnerability in ST FTP Service 3.0 allows remote malicious users to list arbitrary directories via a CD command with a DOS drive letter argument (e.g. E:).
St Ftp Service 3.0
755
VMScore
CVE-2008-0683
SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the newsletter parameter.
Wordpress St Newsletter Plugin
1 EDB exploit
606
VMScore
CVE-2021-24487
The St-Daily-Tip WordPress plugin up to and including 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it in the page. This could allow malicious ...
Sanskruti St-daily-tip
NA
CVE-2023-50096
STMicroelectronics STSAFE-A1xx middleware prior to 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applicatio...
St X-cube-safea1 1.2.0
685
VMScore
CVE-2009-1799
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parame...
Sebastian-thiele St-gallery 0.1 Alpha
1 EDB exploit
NA
CVE-2021-42553
A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions prior to 3.5.1 allows a malicious user to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using an RTOS ...
St Stm32 Mw Usb Host -
1 Github repository