15 matches found
CVE-2025-12679 Plain text pbe key visible in audit log during Brocade SANnav migration from 2.4.0a to 3.0.0
A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the PBE key. Note: The vulnerability is only triggered duri...
CVE-2020-12679
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php...
CVE-2024-12679
creationtimestamp | type | source
---|---|---
2025-05-20 19:43:08+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17066...
WordPress Prisna GWT plugin < 1.4.14 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Prisna GWT – Google Website Translator versions 1.4.14...
CVE-2024-12679
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-12679
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-12679
CVE-2024-12679 affects the Prisna GWT WordPress plugin and is due to inadequate sanitisation/escaping of certain settings in versions before 1.4.14. This can enable admin-level Stored XSS even when unfiltered_html is disallowed (e.g., multisite). The impact is stored XSS with potential privil...
CVE-2024-12679 Prisna GWT < 1.4.14 - Admin+ Stored XSS
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-12679 Prisna GWT < 1.4.14 - Admin+ Stored XSS
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2020-12679
CVE-2020-12679: A reflected XSS in Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote injection of JavaScript/HTML via PATH_INFO to home.php. Connected sources corroborate the same vulnerability across NVD/Red Hat/CNVD entries, with no public evid...
CVE-2020-12679
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php...
CVE-2019-12679
Cisco Firepower Management Center (FMC) exposes multiple SQL injection vulnerabilities in its web-based management interface due to improper input validation. An authenticated, remote attacker could send crafted SQL queries to the FMC backend, potentially viewing restricted data, altering configu...
CVE-2018-12679
The Serialize.deserialize method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages...
CVE-2018-12679
The vulnerability CVE-2018-12679 affects CoAPthon3 (versions 1.0 and 1.0.1) where Serialize.deserialize() mishandles certain exceptions, causing a denial of service in apps using the library (e.g., standard CoAP server/client) upon processing crafted CoAP messages. The root cause is exception han...
CVE-2017-12679
NexusPHP 1.5.beta5.20120707 is affected by a SQL injection in cheaterbox.php via the delcheater parameter. The vulnerability allows a remote attacker to send the delcheater parameter to cheaterbox.php to execute arbitrary SQL commands. The CVE description and CNVD entry confirm the affected produ...