46 matches found
CVE-2026-47266
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...
CVE-2026-47266
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...
CVE-2026-47266 Formie: Unauthenticated front-end submission editing can overwrite existing submissions
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...
PT-2026-44977
Name of the Vulnerable Software and Affected Versions Formie versions prior to 2.2.21 Formie versions prior to 3.1.26 Description Unauthenticated users can modify existing submissions by sending a known or guessed submission ID to the 'formie/submissions/save-submission' endpoint. Recommendations...
Astra Linux - уязвимость в python-django
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with appropriately crafted file names...
CVE-2026-4225 CMS Made Simple User Management listusers.php cross site scripting
A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...
CVE-2026-4225 CMS Made Simple User Management listusers.php cross site scripting
A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...
PT-2026-25635
A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...
CVE-2025-13864
The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint /wp-json/breeze/v1/clear-all-cache being registered with permissioncallback = 'returntrue' and authentication...
CVE-2025-13864 Breeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache Deletion
The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint /wp-json/breeze/v1/clear-all-cache being registered with permissioncallback = 'returntrue' and authentication...
CVE-2025-13864 Breeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache Deletion
The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint /wp-json/breeze/v1/clear-all-cache being registered with permissioncallback = 'returntrue' and authentication...
PT-2026-20609
Name of the Vulnerable Software and Affected Versions Breeze - WordPress Cache Plugin versions through 2.2.21 Description The Breeze - WordPress Cache Plugin is affected by an issue allowing unauthorized cache clearing. The REST API endpoint /wp-json/breeze/v1/clear-all-cache is registered withou...
CVE-2025-69364
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through = 2.2.21...
CVE-2025-69364
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through = 2.2.21...
CVE-2025-69364
The CVE-2025-69364 entry concerns WordPress Breeze plugin (≤ 2.2.21). A Missing/ Broken Authorization issue arises from incorrectly configured access control in Breeze, exposing unauthorized access. Affects Breeze versions through 2.2.21; CVSSv3.1 base score 5.3 (Network, Low confidentiality impa...
CVE-2025-69364
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through = 2.2.21...
PT-2026-1491
Name of the Vulnerable Software and Affected Versions Cloudways Breeze versions through 2.2.21 Description An authorization issue exists in Cloudways Breeze that allows exploitation of incorrectly configured access control security levels. Recommendations Update Cloudways Breeze to a version late...
EUVD-2015-3672
Malware in sbrugna...
CMS Made Simple <= 2.2.21 Multiple Vulnerabilities
CMS Made Simple is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2010-4662
PmWiki before 2.2.21 has XSS...