CVE-2025-15611

creationtimestamp| type| source ---|---|--- 2026-04-20 10:37:05+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjwbkngpqf2s...

CVE-2025-15611

The CVE-2025-15611 affects the Popup Box WordPress plugin prior to version 5.5.0. The root cause is improper validation of nonces in the add_or_edit_popupbox() function before saving popup data, enabling CSRF by unauthenticated attackers. When an authenticated admin visits a malicious page, the a...

CVE-2019-15611

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications...

CVE-2020-15611

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the servicerestart parameter, the...

CVE-2020-15611

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the servicerestart parameter, the...

CVE-2020-15611

CVE-2020-15611 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_dashboard.php: when parsing the service_restart parameter, the code does not properly validate a user-supplied string before using it in a system call, enabling remote code execution with root privileges. Multiple so...

CVE-2019-15611

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications...

CVE-2019-15611

CVE-2019-15611 affects the iOS Nextcloud App (version 2.23.0) and is due to a violation of Secure Design Principles that causes the app to disclose login credentials and access tokens to other Nextcloud services during user search (e.g., federated users) or push-notification registration. The iss...

CVE-2019-15611

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications...

CVE-2018-15611

CVE-2018-15611 describes an elevation-of-privilege vulnerability in the Avaya Aura Communication Manager’s local system administration component. An authenticated, privileged local user can gain root privileges on affected systems. Affected versions include 6.3.x and all 7.x releases before 7.1.3...

Octopus Deploy Privilege Escalation Vulnerability

In Octopus, an authenticated user who was explicitly granted the permission to invite new users aka UserInvite can invite users to teams with escalated privileges. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

CVE-2017-15611

In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users aka UserInvite can invite users to teams with escalated privileges...

CVE-2017-15611

CVE-2017-15611 affects Octopus Deploy prior to 3.17.7. An authenticated user with the explicit UserInvite permission can invite users to teams with escalated privileges, enabling privilege escalation within the deployment platform. The vulnerability is documented across multiple sources (NVD entr...

PHP Doc System index.php show Parameter Local File Inclusion

The remote host is running PHP Doc System, a modular, PHP-based system for creating documentation. The version of PHP Doc System installed on the remote host fails to sanitize user input to the 'show' parameter of the 'index.php' script before using it in a PHP 'include' function. An...