69 matches found
Exploit for Missing Authentication for Critical Function in Coreweave Marimo
CVE-2026-39987 — Marimo Pre-Auth RCE For educational and...
CVE-2026-2718 Dealia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes
The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of wp_kses for output escaping within HTML attribute contexts where esc_attr is required. This makes it...
CVE-2024-2718
A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack ma...
CVE-2013-2718
creationtimestamp | type | source
---|---|---
2025-02-14 21:08:31+00:00 | seen | Telegram/1NSIX1wu2gyUOfYjusC-VT-KGW0oSSja3s2e2DaPm70aZ1Y9...
CVE-2024-2718
CVE-2024-2718 affects Campcodes Complete Online DJ Booking System 1.0. The vulnerability exists in the /admin/booking-bwdates-reports-details.php file, where manipulating the fromdate parameter enables cross-site scripting. Exploitation is possible remotely, and multiple sources note public discl...
CVE-2024-2718 Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php cross site scripting
A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack ma...
PT-2024-2718 · Doctor Web · Dr.Web Anti-Rootkit Api
Name of the Vulnerable Software and Affected Versions: Dr.Web Anti-rootkit API affected versions not specified Description: The issue is related to the use of a fixed or uncontrolled path for resource search in the Dr.Web Anti-rootkit API module. Exploitation of this issue may allow an attacker t...
WordPress Contact Form Email Plugin < 1.3.38 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form Email; Type: Plugin; Vulnerable versions: 1.3.38; Fixed in: 1.3.38; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2718; Patch priority: High; CVSS severity: High (7.1); PSID: 3c1617231fe6; Credits: Andreas Damen...
CVE-2023-2718 Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting
The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability...
CVE-2023-2718
The CVE-2023-2718 entry covers the WordPress plugin Contact Form Email, affected versions prior to 1.3.38, which fails to escape submitted values before HTML output, causing an unauthenticated Stored XSS. Root cause: input is echoed without escaping. Impact: stored XSS on pages rendering form sub...
SUSE CVE-2015-2718
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...
CVE-2022-2718
Summary: CVE-2022-2718 affects the WordPress plugin “JoomSport – for Sports: Team & League, Football, Hockey & more.” The vulnerability is an SQL injection in the orderby parameter on the joomsport-page-extrafields page, in versions up to and including 5.2.5. The root cause is insufficient escaping and ina...
CVE-2022-2718 JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of...
SUSE SLES12 Security Update : ncurses (SUSE-SU-2022:2718-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2718-1 advisory. - ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the...
JVN#73897863: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
CyVDB-1584, CyVDB-2670: Operation restriction bypass vulnerability in Bulletin (CWE-285) - CVE-2022-28718
Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3
CVS...
RHEL 8 : kernel (RHSA-2021:2718)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2718 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: size_t-to-int conversion...
SUSE: Security Advisory (SUSE-SU-2017:2718-1)
The remote host is missing an update for the...
CVE-2020-2718
CVE-2020-2718 affects Oracle Financial Services Applications Banking Corporate Lending (Core) with affected versions 12.3.0–12.4.0 and 14.0.0–14.3.0. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise the product, potentially gaining unauthorized access ...
CVE-2020-2718
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications component: Core. Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...