
101 matches found

EUVD
added 2026/01/08 1:44 p.m., 2 views

EUVD-2026-1455

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API tokens in AAP are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If thi...

CVSS 8.5, AI score 6.1, EPSS 0.0002
Exploits 0, References 8
NVD
added 2025/04/12 9:15 a.m., 11 views

CVE-2025-1455

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, EPSS 0.00326
Exploits 0, References 3
Circl
added 2025/04/12 8:51 a.m., 2 views

CVE-2025-1455

creationtimestamp | type | source
---|---|---
2025-04-12 08:51:06+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11552
2025-04-12 12:12:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmmiyo4ea32q
2025-04-12 12:30:53+00:00 | seen | https://t.me/cvedetector/22800...

CVSS 6.4, AI score 8.7, EPSS 0.00326
Exploits 0, References 3
CVE
added 2025/04/12 8:22 a.m., 75 views

CVE-2025-1455

CVE-2025-1455 affects the Royal Elementor Addons and Templates plugin for WordPress. The issue is a Stored Cross-Site Scripting vulnerability in the Woo Grid widget caused by insufficient input sanitization and output escaping. It requires authenticated access (Contributor level or higher) and al...

CVSS 6.4, AI score 5.8, EPSS 0.00326
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2025/04/12 8:22 a.m., 3 views

CVE-2025-1455 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 5.8, EPSS 0.00326
Exploits 0, References 3
vulnersOsv
added 2024/03/26 3:30 p.m., 1 views

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +155 more potentially affected by CVE-2024-1455 via langchain-core (>=0.0.1 <=0.1.33)

langchain-core PYPI version =0.0.1, =0.0.1, =0.8.0, =0.1.0, =0.0.1, =0.0.1, =0.2.0, =0.1.0, =0.1.5, =0.0.13, =0.3.5, =0.4.12 and more Source cves: CVE-2024-1455 Source advisory: OSV:GHSA-Q84M-RMW3-4382...

CVSS 5.9, AI score 6.2, EPSS 0.00106
Exploits 1
NVD
added 2024/03/26 2:15 p.m., 6 views

CVE-2024-1455

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading t...

CVSS 5.9, AI score 5.7, EPSS 0.00106
Exploits 1, References 2
OSV
added 2024/03/26 2:15 p.m., 10 views

CVE-2024-1455

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading t...

CVSS 5.9, AI score 6.8
Exploits 0, References 2
Cvelist
added 2024/03/26 2:3 p.m., 30 views

CVE-2024-1455 Billion Laughs Attack leading to DoS in langchain-ai/langchain

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading t...

CVSS 5.9, AI score 5.9, EPSS 0.00106
Exploits 1, References 2
Tenable Nessus
added 2023/07/25 12:0 a.m., 9 views

Cisco Nexus 9000 Information Disclosure (CVE-2016-1455)

Cisco NX-OS before 7.03I22e and 7.03I4 before 7.03I41 has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365. This plugin only works with Tenable.ot. Please visit...

CVSS 7.5, AI score 7.3, EPSS 0.00679
Exploits 0, References 4
Circl
added 2023/03/17 11:36 a.m., 0 views

CVE-2023-1455

creationtimestamp | type | source
---|---|---
2023-03-17 11:36:35+00:00 | seen | https://t.me/cibsecurity/60231...

CVSS 8.1, AI score 6.3, EPSS 0.00278
Exploits 0, References 1
CVE
added 2023/03/17 6:58 a.m., 48 views

CVE-2023-1455

The CVE-2023-1455 entry affects SourceCodester Online Pizza Ordering System 1.0, specifically the Login Page component at admin/ajax.php?action=login2. An SQL injection is possible by manipulating the email parameter (example: abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'...

CVSS 8.1, AI score 7.1, EPSS 0.00278
Exploits 0, References 2, Affected Software 1
SUSE CVE
added 2023/02/15 6:18 a.m., 1 views

SUSE CVE-2005-1455

Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash)...

CVSS 7.5, AI score 7.6, EPSS 0.01494
Exploits 0, References 4
SUSE CVE
added 2023/02/15 5:59 a.m., 1 views

SUSE CVE-2010-1456

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1455. Reason: This candidate is a duplicate of CVE-2010-1455. Notes: All CVE users should reference CVE-2010-1455 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...

AI score 7.6
Exploits 0, References 3
OpenVAS
added 2022/05/17 12:0 a.m., 25 views

openSUSE: Security Advisory for glib2 (SUSE-SU-2022:1455-1)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.3, AI score 6.9, EPSS 0.00728
Exploits 1, References 2
OSV
added 2022/05/16 3:15 p.m., 0 views

CVE-2022-1455

The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...

CVSS 6.1, AI score 5.8
Exploits 0, References 1
NVD
added 2022/05/16 3:15 p.m., 8 views

CVE-2022-1455

The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...

CVSS 6.1, EPSS 0.0021
Exploits 2, References 1
Cvelist
added 2022/05/16 2:31 p.m., 11 views

CVE-2022-1455 Call Now Button < 1.1.2 - Reflected Cross-Site Scripting

The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...

AI score 6.2, EPSS 0.0021
Exploits 2, References 1
CVE
added 2022/05/16 2:31 p.m., 65 views

CVE-2022-1455

The CVE-2022-1455 entry concerns the WordPress Call Now Button plugin prior to version 1.1.2, where a parameter output into a hidden input attribute is not escaped, enabling Reflected Cross-Site Scripting. The vulnerability affects versions before 1.1.2; the root cause is failure to escape user-c...

CVSS 6.1, AI score 6, EPSS 0.0021
Exploits 2, References 1, Affected Software 1
Tenable Nessus
added 2022/04/29 12:0 a.m., 36 views

SUSE SLED15 / SLES15 Security Update : glib2 (SUSE-SU-2022:1455-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1455-1 advisory. - An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to...

CVSS 5.3, AI score 6.8, EPSS 0.00728
Exploits 1, References 4