12 matches found
NPM: n8n-mcp webhook and API client paths has an authenticated SSRF
NPM: n8n-mcp webhook and API client paths has an authenticated SSRF vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.18.7, 2.50.2...
CVE-2025-7732
CVE-2025-7732: The WordPress plugin Lazy Load for Videos (
CVE-2025-7732 Lazy Load for Videos <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes
The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The plugin’s JavaScript registration handlers read the client‑supplied...
PT-2025-34821 · WordPress · Lazy Load For Videos
Name of the Vulnerable Software and Affected Versions: Lazy Load for Videos plugin for WordPress versions through 2.18.7 Description: The Lazy Load for Videos plugin for WordPress is susceptible to Stored Cross-Site Scripting through its lazy-loading handlers. Insufficient input sanitization and...
WordPress Lazy Load for Videos plugin <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability discovered by Webbernaut in WordPress Plugin Lazy Load for Videos versions = 2.18.7...
CVE-2009-5112
wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request...
Directory traversal
Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter...
CVE-2009-5112
wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request...
WebGlimpse 2.x - 'wgarcmin.cgi' Full Path Disclosure
source: https://www.securityfocus.com/bid/52646/info WebGlimpse is prone to a path-disclosure vulnerability. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer. WebGlimpse 2.18.7 is vulnerable; other versio...
Multiple vulnerabilities in Webglimpse
Hello 3APA3A! I am reporting multiple vulnerabilities that I found in Webglimpse. These are Full path disclosure, Cross-Site Scripting, Directory Traversal and Authorization bypass vulnerabilities. The vulnerabilities are in the Webglimpse admin panel, which can be reached through a guest account or by capturing the cookies of the admin...
WebGlimpse 2.18.7 - 'DOC' Directory Traversal
source: https://www.securityfocus.com/bid/52651/info WebGlimpse is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences '../' to retrieve arbitrary files in th...
Cross-Site Scripting vulnerabilities in Webglimpse
Hello 3APA3A! I am reporting new Cross-Site Scripting vulnerabilities that I found in the local search engine Webglimpse. XSS IE: Vulnerabilities in webglimpse.cgi in the parameters case, whole, lines, errors, age, filter and wordspan...