118 matches found
CVE-2026-3498
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-3498
CVE-2026-3498 involves the BlockArt Blocks WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to and including 2.2.15, caused by insufficient input sanitization and output escaping. Authenticated attackers with Author-level acce...
EUVD-2026-21617
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-35175
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...
CVE-2026-35175
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...
CVE-2026-35175 Ajenti has an authorization bypass during custom package installation
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...
CVE-2026-35175
Ajenti (Linux/BSD modular server admin panel) contains an authorization bypass vulnerability (CVE-2026-35175) where an authenticated user using the auth_users method could install a custom package even without superuser privileges. Red Hat/NVD entries confirm the issue and that it is fixed in ver...
ajenti security vulnerability
Ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Versions of Ajenti prior to 2.2.15 contained security vulnerabilities, which stemmed from the ability for unauthenticated users to install custom packages...
GHSA-73JV-44C3-J5P2 Ajenti has an authorization bypass during custom package installation
Impact An authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. Patches This is fixed in the version 2.2.15. Users should upgrade to this version as soon as possible...
Ajenti has an authorization bypass during custom package installation
Impact An authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. Patches This is fixed in the version 2.2.15. Users should upgrade to this version as soon as possible...
CVE-2022-23907
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1fmmessage...
Linux Distros Unpatched Vulnerability : CVE-2025-67713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirecturl as safe when url.Parse....IsAbs is false, enabling phishing flows after...
PT-2025-50562
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect url as safe when url.Parse....IsAbs is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...
CVE-2025-61787
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, CreateProcess always implicitly spawns cmd.exe if a batch file (.bat, .cmd, etc.) is being executed ev...
CVE-2025-61786
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...
CVE-2025-61786
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...
CVE-2025-61787 Deno is Vulnerable to Command Injection on Windows During Batch File Execution
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, CreateProcess always implicitly spawns cmd.exe if a batch file (.bat, .cmd, etc.) is being executed ev...
CVE-2025-61787 Deno is Vulnerable to Command Injection on Windows During Batch File Execution
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, CreateProcess always implicitly spawns cmd.exe if a batch file (.bat, .cmd, etc.) is being executed ev...
CVE-2025-61787
Deno prior to 2.5.3 and 2.2.15 is vulnerable to Windows batch file command-injection because CreateProcess() can spawn cmd.exe when executing batch files (.bat/.cmd), enabling user-controlled argument injection (e.g., triggering calc.exe). CVE-2025-61787 states these issues are fixed in 2.5.3 and...
EUVD-2025-33180
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...