22 matches found
CVE-2026-23887
creationtimestamp| type| source ---|---|--- 2026-01-22 02:03:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcy3tkxxgj26...
CVE-2025-23887
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scottwallick Blog Summary blog-summary allows Stored XSS.This issue affects Blog Summary: from n/a through = 0.1.2 β...
CVE-2021-23887
Privilege Escalation vulnerability in McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting...
CVE-2020-23887
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service DoS via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33...
CVE-2025-23887
creationtimestamp| type| source ---|---|--- 2025-01-16 21:19:08+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv7g4s2bl2n 2025-01-17 21:56:51+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2218...
CVE-2025-23887
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scottwallick Blog Summary blog-summary allows Stored XSS.This issue affects Blog Summary: from n/a through = 0.1.2 β...
CVE-2025-23887 WordPress Blog Summary plugin <= 0.1.2 β - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scottwallick Blog Summary blog-summary allows Stored XSS.This issue affects Blog Summary: from n/a through = 0.1.2 β...
CVE-2025-23887
CVE-2025-23887 describes a stored cross-site scripting (XSS) vulnerability in the WordPress Blog Summary plugin. According to connected Red Hat/Wordfence data, the issue is caused by improper input neutralization during web page generation, enabling stored XSS. The affected software is the Blog S...
CVE-2023-23887 WordPress Easy Google Analytics for WordPress plugin <= 1.6.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0...
CVE-2023-23887 WordPress Easy Google Analytics for WordPress plugin <= 1.6.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shahjada Easy Google Analytics for WordPress easy-google-analytics-for-wordpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for WordPress: from n/a through = 1.6.0...
CVE-2024-23887
creationtimestamp| type| source ---|---|--- 2024-02-19 14:51:36+00:00| seen| https://t.me/ctinow/187705...
CVE-2024-23887 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/grncreate.php, in the grndate parameter. Exploitation of this vulnerability could...
CVE-2024-23887
CVE-2024-23887 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) in the grndate parameter of /cupseasylive/grncreate.php, caused by insufficient encoding of user-controlled input. It could allow a remote attacker to craft a URL sent to an authenticat...
WordPress Easy Google Analytics for WordPress Plugin <= 1.6.0 is vulnerable to Broken Access Control
Software Easy Google Analytics for WordPress Type Plugin Vulnerable versions = 1.6.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23887 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 682fb3f4795d Credits Mika Requir...
CVE-2022-23887
creationtimestamp| type| source ---|---|--- 2022-01-29 00:21:57+00:00| seen| https://t.me/cibsecurity/36519...
CVE-2022-23887
CVE-2022-23887: YzmCMS v6.3 is affected by a Cross-Site Request Forgery (CSRF) that lets an attacker delete user accounts via /admin/admin_manage/delete. Root cause is CSRF vulnerability; exploitation details are not provided in the documents. No remediation/fix is specified in the provided data....
CVE-2020-23887
creationtimestamp| type| source ---|---|--- 2021-11-11 00:36:59+00:00| seen| https://t.me/cibsecurity/32216...
CVE-2020-23887
XnView MP v0.96.4 is affected by a heap-based buffer overflow that can be triggered by a crafted ICO file, leading to a denial of service. The issue is described as a Read Access Violation beginning at USER32!SmartStretchDIBits+0x33. Connected sources confirm the vulnerability in XnView MP, but d...
McAfee DLPe Agent < 11.6.100.41 Multiple Vulnerabilities (SB10357)
The version of the McAfee Data Loss Prevention Endpoint DLPe Agent installed on the remote Windows host is prior to 11.6.100.41. It is, therefore, affected by multiple vulnerabilities: - Denial of Service vulnerability in McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.100.41...
CVE-2021-23887 Privilege escalation in McAfee DLP Endpoint for Windows
Privilege Escalation vulnerability in McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting...