CVE-2026-1780 [CR]Paid Link Manager <= 0.5 - Reflected Cross-Site Scripting

The CRPaid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

EUVD-2026-1780

Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC OpenID...

CVE-2025-1780

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...

CVE-2004-1780

Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts...

Linux Distros Unpatched Vulnerability : CVE-2015-1780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - oVirt users with MANIPULATESTORAGEDOMAIN permissions can attach a storage domain to any data-center CVE-2015-1780 Note that Nessus relies on the presence of the...

CVE-2025-1780

creationtimestamp| type| source ---|---|--- 2025-03-01 04:27:33+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6036 2025-03-01 06:24:38+00:00| seen| https://t.me/cvedetector/19201 2025-03-02 11:46:31+00:00| seen| Telegram/5KyYCsk6sHSq8tU0OLK5gjllt5IqFxwdjYOd1E3ZC82Ej64L...

CVE-2025-1780

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...

CVE-2025-1780 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...

CVE-2025-1780

CVE-2025-1780 : BuddyPress WooCommerce My Account Integration (WordPress plugin) suffers unauthorized access due to a missing capability check in wc4bp_delete_page() across versions up to 3.4.25, enabling authenticated users with Subscriber level and above to update the plugin settings. The vulne...

CVE-2025-1780 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.25. This makes it possible for authenticated...

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1780)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 9 : unbound (RHSA-2024:1780)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1780 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: A vulnerability was found in Unbound due to...

CVE-2024-1780 BizCalendar Web <= 1.1.0.25 - Reflected Cross-Site Scripting via 'tab'

The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2015-1780

creationtimestamp| type| source ---|---|--- 2024-02-26 14:42:03+00:00| seen| https://t.me/ctinow/193371...

openssl security update

1:3.0.7-25.0.1 - Replace upstream references Orabug: 34340177 1:3.0.7-25 - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evpproperties section in main OpenSSL configuration fi...

Oracle Linux 5 : kernel (ELSA-2011-1065)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1065 advisory. - xen hvm: secure vmx cpuid Andrew Jones 706325 CVE-2011-1936 - xen hvm: secure svmcraccess Andrew Jones 703716 CVE-2011-1780 - xen hvm: svm support...

Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to...

Amazon Linux AMI : c-ares (ALAS-2023-1780)

The version of c-ares installed on the remote host is prior to 1.17.2-1.10. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1780 advisory. A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allow...

CVE-2023-1780 Companion Sitemap Generator < 4.5.3 - Reflected XSS

The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-1780

The CVE-2023-1780 affects the Companion Sitemap Generator WordPress plugin (versions before 4.5.3). It stems from not sanitising/escaping certain parameters before echoing them in pages, causing a Reflected Cross‑Site Scripting (XSS) vulnerability that could affect high‑privilege users (e.g., adm...