32 matches found
CVE-2026-39442
Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...
EUVD-2026-37684
Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...
CVE-2026-39442 WordPress PressMart theme <= 1.2.26 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...
CVE-2025-49912
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nks Email Subscription Popup email-subscribe allows Stored XSS.This issue affects Email Subscription Popup: from n/a through = 1.2.26...
EUVD-2025-35543
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nks Email Subscription Popup email-subscribe allows Stored XSS.This issue affects Email Subscription Popup: from n/a through = 1.2.26...
CVE-2025-49912
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nks Email Subscription Popup email-subscribe allows Stored XSS.This issue affects Email Subscription Popup: from n/a through = 1.2.26...
WordPress Email Subscription Popup plugin <= 1.2.26 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Kim YunJi in WordPress Plugin Email Subscription Popup versions = 1.2.26...
WordPress plugin Nks Email Subscription Popup Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-43179
Name of the Vulnerable Software and Affected Versions Nks Email Subscription Popup versions through 1.2.26 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scrip...
DEBIAN-CVE-2025-46825
Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting XSS Vulnerability in the name parameter of the http://localhost/?controller=ProjectCreationController&action=create form. This vulnerability allows...
Exploit for Improper Input Validation in Cacti
CVE-2024-25641 Exploit for Cacti 1.2.26 Exploiting CVE-2024-2...
WordPress plugin Flexible Wishlist for WooCommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-6601 · WordPress · The Flexible Wishlist For Woocommerce
Name of the Vulnerable Software and Affected Versions: Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress versions up to, and including, 1.2.26 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...
PT-2024-38372 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.26 Description: The issue allows an unauthenticated attacker to inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character, such as xa0. This can be exploite...
Exploit for Improper Input Validation in Cacti
CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 Fully auto...
Exploit for Improper Input Validation in Cacti
This repository is a PoC exploit for CVE-2024-25641, a vulnerabi...
Cacti 1.2.26 Remote Code Execution
---------------------------------------------------------------- Cacti = 1.2.26 import.php Remote Code Execution Vulnerability ---------------------------------------------------------------- - Software Link: https://cacti.net - Affected Versions: Version 1.2.26 and prior versions. - Vulnerabilit...
Cacti cross-site scripting vulnerability (CNVD-2023-10109007)
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . Cacti versions prior to 1.2.26 cross-site scripting vulnerability ,...
Design/Logic Flaw
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. Bypassing an earlier fix CVE-2023-39360 that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the...
CVE-2023-49086 Cacti is vulnerable to cross-Site scripting (XSS) DOM
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...