CVE-2025-49594

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it allows...

GHSA-F2HF-PFRJ-VRM7 XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view

Impact Anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it allows authentication with any user since users are very commonly viewable, at least to other registered users. Patches Version 2.18.2...

CVE-2025-49594 XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it allows...

PT-2025-40900

Name of the Vulnerable Software and Affected Versions XWiki versions 2.17.1 through 2.18.1 Description XWiki OpenID Connect OIDC contains tools for manipulating the OpenID Connect protocol. Individuals with VIEW access to a user profile can generate a token for that user in versions prior to...

CVE-2023-45656

Cross-Site Request Forgery CSRF vulnerability in Kevin Weber Lazy Load for Videos plugin = 2.18.2 versions...

CVE-2023-45656 WordPress Lazy Load for Videos Plugin <= 2.18.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Kevin Weber Lazy Load for Videos plugin = 2.18.2 versions...

PT-2023-29631 · WordPress · Kevin Weber Lazy Load For Videos

Name of the Vulnerable Software and Affected Versions: Kevin Weber Lazy Load for Videos plugin versions = 2.18.2 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions o...

WordPress Real Cookie Banner plugin <= 2.18.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Real Cookie Banner plugin versions = 2.18.1. Solution Update the WordPress Real Cookie Banner plugin to the latest available version at least 2.18.2...

PT-2021-14663 · Jenkins · Jenkins Claim Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Claim Plugin versions 2.18.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to change claims. This issue arises because the form submission endpoint for assigning claims does not require POST...

PT-2021-14662 · Jenkins · Jenkins Claim Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Claim Plugin versions 2.18.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the Jenkins Claim Plugin does not escape the user display name, allowing attackers who ca...

git security update

2.18.2-1 - Update to release 2.18.2 - Remote code execution in recursive clones with nested submodules Resolves: CVE-2019-1387 - Fixes CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354...

GNOME显示管理器G_Strsplit函数本地拒绝服务漏洞

BUGTRAQ ID: 25191 CVE ID:CVE-2007-3381 CNCVE ID:CNCVE-20073381 GNOME Display Manager是Gnome的显示管理器。 GNOME Display Manager GStrsplit函数不正确处理GDM套接字命令，本地攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 构建特殊的GDM报文命令会引起GDM停止管理显示，导致拒绝服务。目前没有详细漏洞细节提供。 GNOME GDM 2.19.4 GNOME GDM 2.19.3 GNOME GDM 2.19.2 GNOME GDM 2.19.1 GNOME GDM...