📄 WordPress AI Engine 3.1.3 Remote Code Execution

This Metasploit module exploits an unauthenticated vulnerability in the WordPress AI Engine plugin versions less than or equal to 3.1.3. The vulnerability allows an attacker to create an administrator account via the MCP Model Context Protocol endpoint without authentication. The module supports...

CVE-2025-11749

creationtimestamp| type| source ---|---|--- 2025-11-04 18:16:51+00:00| seen| https://gist.github.com/Darkcrai86/5ab8c8bddb9e8b895b9fb30eb97aebd5 2025-11-05 04:47:13+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4uakng6iea2 2025-11-05 06:01:42+00:00| seen|...

CVE-2024-11749 App Embed <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

Ubuntu: Security Advisory (USN-4122-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox Security Advisory (MFSA2019-25) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Pandora FMS Cross-Site Scripting (CVE-2020-11749)

A cross-site scripting vulnerability exists in Pandora FMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary commands on the affected system...

PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting

Exploit Title: PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting Date: 2020-07-01 Author: AppleBois Version: 7xx ≤ 746 Homepage: https://pandorafms.org/ Software Link: https://sourceforge.net/projects/pandora/files/Pandora FMS 7.0NG/ CVE-2020-11749 By asking network administrator to scan SN...

Puppet Enterprise 2016.x < 2016.4.15 / 2017.x < 2017.3.10 / 2018.x < 2018.1.4 Plaintext Credential Vulnerability

A plaintext credential vulnerability exists when users are configured to use startTLS with Role-Based Access Control RBAC Lightweight Directory Access Protocol LDAP. An unauthenticated, remote attacker can exploit this to bypass authentication to see the users credentials in plaintext...

CVE-2019-11749

CVE-2019-11749 describes an information-disclosure vulnerability in WebRTC: malicious content can probe the getUserMedia constraints to reveal camera device properties without user prompt, enabling potential user fingerprinting. Affected products are Firefox prior to 69 and Firefox ESR prior to 6...

Mozilla Firefox < 69.0

The version of Firefox installed on the remote Windows host is prior to 69.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-25 advisory. - Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported memory safe...

Mozilla Firefox ESR Security Advisories (MFSA2019-25, MFSA2019-27) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Ubuntu: Security Advisory (USN-4122-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox < 69.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 69.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-25 advisory. - Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported...

Security fix for the ALT Linux 10 package firefox-esr version 68.1.0-alt1

Sept. 4, 2019 Andrey Cherepanov 68.1.0-alt1 - New ESR version 68.1.0. - Fixed: + CVE-2019-11751 Malicious code execution through command line parameters + CVE-2019-11746 Use-after-free while manipulating video + CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML +...

CVE-2018-11749

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS...

CVE-2018-11749

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS...

CVE-2018-11749

CVE-2018-11749 affects Puppet Enterprise when startTLS with RBAC LDAP is configured; at login time, user credentials are sent in plaintext to the LDAP server. Affected PE versions: 2018.1.3, 2017.3.9, and 2016.4.14. Fixes are available in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. Seve...

CVE-2017-11749

CVE-2017-11749 affects InternetSoft FTP Commander 8.02 and earlier. The root cause is an untrusted search path that allows DLL hijacking via a Trojan horse dwmapi.dll file. This brief description is supported by multiple records (NVD/Red Hat/CNVD/CVE listings). The connected documents do not prov...