18 matches found
CVE-2025-13415
creationtimestamp | type | source
---|---|---
2025-11-20 01:02:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m5zl2ayw6d2x...
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415 icret EasyImages SVG Image upload.php cross site scripting
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2024-13415
The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with...
CVE-2024-13415
The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with...
CVE-2024-13415 Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with...
CVE-2024-13415 Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with...
CVE-2024-13415
CVE-2024-13415 – WordPress Food Menu plugin: The Food Menu – Restaurant Menu & Online Ordering for WooCommerce for WordPress contains a missing capability check in the response() function across versions up to 5.1.4, enabling authenticated attackers with Subscriber-level access and above to modi...
CVE-2020-13415
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix, aka XML Signature Wrapping...
CVE-2020-13415
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix, aka XML Signature Wrapping...
CVE-2020-13415
CVE-2020-13415: Multiple records describe an XML Signature Wrapping vulnerability in Aviatrix Controller (v5.1 and earlier). An attacker with any signed SAML assertion from the IdP can establish a connection, even if the assertion is expired or the user is not authorized. This indicates a weaknes...
CVE-2019-13415
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled: authenticated users can gain read access to data they are not authorized to see...
CVE-2019-13415
CVE-2019-13415 affects floragunn Search Guard (pre-24.3): with Cross Cluster Search (CCS) enabled, authenticated users can read data they are not authorized to see. The root cause is an authorization issue in versions before 24.3; the impact is unauthorized data exposure when CCS is used. Connected ...
Moodle Jmol Filter 6.1 Cross Site Scripting / Directory Traversal
Exploit Title: Moodle filterjmol multiple vulnerabilities Directory Traversal and XSS
Date: 20 May 2019
Exploit Author: Dionach Ltd
Exploit Author Homepage: https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities
Software Link: https://moodle.org/plugins/filterjmol
Version: =6.1...
CVE-2018-13415
CVE-2018-13415 affects Plex Media Server 1.13.2.5154, specifically the XML parsing engine used for SSDP/UPnP. The vulnerability is an XML External Entity Processing (XXE) flaw that allows unauthenticated attackers on the same network to: (1) read arbitrary files on the host filesystem, (2) establ...
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Vulnerability
Exploit for jsp platform in category web applications
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
Reserved CVE: CVE-2018-13415
Vulnerability Overview
The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity...
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing
Reserved CVE: CVE-2018-13415
Vulnerability Overview
The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same LAN can use...
king5.com XSS vulnerability
Vulnerable URL: http://www.king5.com/search?ppid=searchresultWARsitesearchportletplifecycle=1pstate=normal&searchresultWARsitesearchportletjavax.portlet.action=search="scopeType=0=0

Details:

Description | Value
---|---
Patched: | Yes, at 05.01.2017
Latest check for patch: | 05.01.2017 18:37 GMT...