22 matches found
CVE-2025-12880
The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...
CVE-2025-12880
creationtimestamp| type| source ---|---|--- 2025-11-11 06:04:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5dhqku5zu2s...
WordPress Progress Bar Blocks for Gutenberg plugin <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG vulnerability discovered by Peerapat Samatathanyakorn in WordPress Plugin Progress Bar Blocks for Gutenberg versions = 1.0.0...
CVE-2018-12880
creationtimestamp| type| source ---|---|--- 2025-08-31 03:01:35+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...
CVE-2019-12880
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing within webaccessibleresources. An attacker can take advantage of this vulnerability and cause significant harm...
CVE-2024-12880
A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...
CVE-2024-12880
A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...
CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow
A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...
CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow
A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...
CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow
A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...
CVE-2024-12880
The CVE-2024-12880 entry concerns infiniflow/ragflow (RAGFlow-0.13.0) with a vulnerability in tenant ID handling that enables partial account takeover. If a user has access to multiple tenants, they can manipulate tenant access to query and obtain other tenants’ API tokens via endpoints: /v1/syst...
SUSE SLES12 Security Update : python-PyJWT (SUSE-SU-2021:2010-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2010-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. File data...
SUSE: Security Advisory (SUSE-SU-2021:2010-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:3370-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-12880
CVE-2020-12880 affects Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance prior to 9.1R8. By manipulating a kernel boot parameter, an insider can drop into a root shell in a pre-install phase where the appliance source code is accessible. Root access risk is limited to the...
CVE-2019-12880
CVE-2019-12880 affects BCN Quark Quarking Password Manager (v3.1.84). The issue is a clickjacking vulnerability caused by allowing a wildcard (*) in web_accessible_resources, enabling a malicious page to load the password manager UI in a framed context. This could allow attackers to trick users i...
CVE-2018-12880
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...
CVE-2018-12880
CVE-2018-12880 affects Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier. The vulnerability is an out-of-bounds read in the affected components, which could lead to information disclosure. This CVE is listed with a base CVSS s...
Adobe Acrobat and Reader Out-of-bounds read (APSB18-30: CVE-2018-12880)
A out of bounds read vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
openSUSE Security Update : python-PyJWT (openSUSE-2017-1408)
This update for python-PyJWT fixes the following issues : - CVE-2017-12880: fix symmetric/asymmetric confusion when handling PKCS1 public keys bsc1054106 This update was imported from the SUSE:SLE-12-SP1:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...