CVE-2025-13386

creationtimestamp| type| source ---|---|--- 2025-11-25 09:14:09+00:00| seen| https://gist.github.com/Darkcrai86/6f416923659356864a23ac976cacd7a0...

CVE-2025-13386 Social Images Widget <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionsupdate' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...

MAL-2025-13386 Malicious code in @zalastax/nolb-promises (npm)

The package @zalastax/nolb-promises was found to contain malicious code...

CVE-2019-13386

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...

CVE-2024-13386 quote-posttype-plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

CVE-2020-13386

In SmartDraw 2020 (version 27.0.0.0), the installer grants inherited write permissions to the Authenticated Users group on the SmartDraw installation folder. Two scheduled tasks, SDMsgUpdate (Local) and SDMsgUpdate (TE), are created to run in the context of the installing user and attempt to exec...

CVE-2019-13386

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...

CVE-2019-13386

CVE-2019-13386 affects CentOS Web Panel (CWP) version 0.9.8.846. A hidden action=9 in filemanager2.php enables an attacker to execute shell commands, potentially obtaining a reverse shell with the user’s privileges. Exploitation details and references across multiple sources corroborate this remo...

Atlassian SourceTree 0.5.1.0 < 2.6.9 Remote Code Execution Vulnerabilities

The version of Atlassian SourceTree installed on the remote host is a version 0.5.1.0 prior to 2.6.9 . It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. C Tenable...

CVE-2018-13386

There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of...

CVE-2018-13386

CVE-2018-13386 affects Sourcetree for Windows. The vulnerability is an argument injection via filenames in Mercurial repositories, exploitable by a user who can commit to a linked Mercurial repo, to gain code execution on the system. Affected versions are Sourcetree for Windows prior to 2.6.9. Re...

CVE-2018-13386

There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of...