10 matches found
CVE-2025-12696
creationtimestamp| type| source ---|---|--- 2025-12-14 07:03:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/115716641088388737 2025-12-15 08:50:48+00:00| seen| https://gist.github.com/Darkcrai86/2828734cda9ac44bdac5a22dde4d38bd...
CVE-2024-12696 Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisperpictureuploadguest shortcode in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping on user...
CVE-2024-12696 Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisperpictureuploadguest shortcode in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping on user...
CVE-2024-12696
CVE-2024-12696 pertains to the WordPress plugin “Picture Gallery – Frontend Image Uploads, AJAX Photo List” and enables Stored XSS via the videowhisper_picture_upload_guest shortcode. It affects all versions up to 1.5.22 due to insufficient input sanitization/output escaping on user attributes. E...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a...
CVE-2020-12696
CVE-2020-12696 affects the WordPress iframe plugin (versions before 4.5). The issue is that the plugin does not sanitize user-supplied URLs in the iframe, enabling a potential cross-site scripting (XSS) vector. Multiple sources cite this as an authenticated stored XSS vulnerability, with remediat...
CVE-2019-12696
Cisco Firepower System Software Detection Engine contains bypass vulnerabilities that allow an unauthenticated, remote attacker to bypass Malware and File Policies for RTF and RAR file types. The issue is addressed by Cisco in a security advisory with software updates; apply the relevant firmware...
CVE-2018-12696
mao10cms 6 is affected by a cross-site scripting (XSS) vulnerability in the article page. The CVE entry for CVE-2018-12696, corroborated by CNVD-2018-12115 and other sources, states that an XSS flaw exists in mao10cms version 6, enabling arbitrary script/HTML injection via the article page. The r...
WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities
WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities WHM.AutoPilot Multiple Vulnerabilities Vendor: Benchmark Designs, LLC Product: WHM.AutoPilot Version: = 2.4.6.5 Website: http://www.whmautopilot.com/ BID: 12119 CVE: CVE-2004-1420 CVE-2004-1421 CVE-2004-1422 OSVDB: 12693 12694 12695 12696 12697...
SuSE9 Security Update : dhcpcd (YOU Patch Number 12696)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 %NASLMINLEVEL 70300 C...