66 matches found
CVE-2026-5417
A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. The attack may be initiated...
CVE-2026-5417
Dataease SQLbot up to 1.6.0 contains an SSRF issue in the Elasticsearch Handler. The vulnerability is in get_es_data_by_http (backend/apps/db/es_engine.py) where argument address is manipulated, potentially allowing a remote attack. Public exploit disclosures exist. Upgrading to Dataease SQLbot 1...
CVE-2025-5417
An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the rhdh/rhdh-hub-rhel9 container...
CVE-2025-5417
creationtimestamp | type | source
---|---|---
2025-08-19 05:06:12+00:00 | seen | Telegram/3Miaxra4vGWptBk5LyurP3kmFIYA6HcYt9Xbxp9GeqPJRA4...
CVE-2023-5417
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2008-5417
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services...
CVE-2024-5417
creationtimestamp | type | source
---|---|---
2024-08-29 13:42:43+00:00 | seen | https://t.me/cvedetector/4382...
CVE-2024-5417 Gutentor < 3.3.6 - Contributor+ Stored XSS
The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-5417
The CVE-2024-5417 entry concerns the Gutentor WordPress plugin prior to version 3.3.6. Root cause: the plugin does not validate or escape certain block options before outputting them in embedded blocks, enabling Stored XSS. Affected software: Gutentor WordPress plugin versions
WordPress Gutentor Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: Gutentor; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: 3.3.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5417; Patch priority: Low; CVSS severity: Low (6.5); PSID: 7af65b4190da; Credits: Dmitrii Ignatyev; Required...
Meinberg LANTIME Web Interface Cross-site Scripting (CVE-2014-5417)
Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
CVE-2023-5417
creationtimestamp | type | source
---|---|---
2023-12-20 13:48:36+00:00 | seen | https://t.me/ctinow/156960...
CVE-2023-5417 Funnelforms Free <= 3.4 - Missing Authorization to Category Update
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-5417
The CVE-2023-5417 entry concerns Funnelforms Free for WordPress. A missing capability check in the fnsf_update_category function affects versions up to and including 3.4, allowing authenticated attackers with subscriber-level permissions and above to modify the Funnelforms category for a given po...
SUSE CVE-2016-5417
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures...
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5417-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5417-1 advisory. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2...
Mageia: Security Advisory (MGASA-2018-0018)
The remote host is missing an update for the...
Mozilla Firefox Security Advisory (MFSA2017-05) - Linux
This host is missing a security update for Mozilla Firefox.
CVE-2020-5417 Cloud Controller may allow developers to claim sensitive routes
Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially...