73 matches found
EUVD-2026-2954
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...
CVE-2023-2954
Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master...
CVE-2025-2954
A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach th...
CVE-2025-2954
creationtimestamp | type | source
---|---|---
2025-03-30 20:36:07+00:00 | seen | https://t.me/cvedetector/21516
2025-03-31 13:31:19+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/9644...
CVE-2025-2954
OpenManus (mannaandpoem) up to 2025.3.13 is affected by a vulnerability in the File Handler component, specifically the execute function in app/tool/file_saver.py. The issue is caused by improper access controls, requiring local access to exploit. The advisory notes that the exploit has been disc...
Huawei EulerOS: Security Advisory for lua (EulerOS-SA-2024-2954)
The remote host is missing an update for the Huawei EulerOS...
WordPress Action Network Plugin 1.4.3 is vulnerable to SQL Injection
Software: Action Network; Type: Plugin; Vulnerable versions: 1.4.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-2954; Patch priority: Low; CVSS severity: Low 7.2; PSID: 1361c32ebfee; Credits: Pichaya Morimoto & Nanchanan Sanapun; Required privilege...
SUSE: Security Advisory (SUSE-SU-2023:2954-1)
The remote host is missing an update for the...
CVE-2019-2954
creationtimestamp | type | source
---|---|---
2024-01-09 09:36:33+00:00 | seen | https://t.me/ctinow/164879...
CVE-2023-2954
creationtimestamp | type | source
---|---|---
2023-05-29 12:35:57+00:00 | seen | https://t.me/cibsecurity/64757...
CVE-2023-2954 Cross-site Scripting (XSS) - Stored in liangliangyy/djangoblog
Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master...
CVE-2023-2954
CVE-2023-2954 is a stored XSS in the DjangoBlog project liangliangyy/djangoblog prior to master. Connected sources confirm the vulnerability arises from handling Markdown comments, enabling script execution when users view or interact with comments. PoCs and documented payloads exist (Huntr, etc....
SUSE: Security Advisory (SUSE-SU-2021:2954-1)
The remote host is missing an update for the...
RHEL 8 : .NET Core 3.1 (RHSA-2020:2954)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2954 advisory. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt
Summary: Oracle Database Server publicly disclosed vulnerability affects IBM Emptoris Supplier Lifecycle Mgmt. Vulnerability Details: CVEID: CVE-2019-2734. DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Core RDBMS component could allow an authenticated attacker to...
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing
Summary: Oracle Database Server publicly disclosed vulnerability affects IBM Emptoris Sourcing. Vulnerability Details: CVEID: CVE-2019-2734. DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Core RDBMS component could allow an authenticated attacker to cause no...
CVE-2020-2954
Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS...
CVE-2020-2954
CVE-2020-2954 affects Oracle PeopleSoft's Enterprise HRMS (component: Candidate Gateway) on version 9.2. The issue is described as an unauthenticated remote condition over HTTP that can, with user interaction, lead to unauthorized read and write access to data in PeopleSoft Enterprise HRMS and pot...