66 matches found
CVE-2026-5417
A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. The attack may be initiated...
CVE-2026-5417
Dataease SQLbot up to 1.6.0 contains an SSRF issue in the Elasticsearch Handler. The vulnerability is in get_es_data_by_http (backend/apps/db/es_engine.py) where argument address is manipulated, potentially allowing a remote attack. Public exploit disclosures exist. Upgrading to Dataease SQLbot 1...
CVE-2025-5417
An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the rhdh/rhdh-hub-rhel9 container...
CVE-2025-5417
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-19 05:06:12+00:00 | seen | Telegram/3Miaxra4vGWptBk5LyurP3kmFIYA6HcYt9Xbxp9GeqPJRA4... |
CVE-2023-5417
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2008-5417
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services...
CVE-2024-5417
| creationtimestamp | type | source |
|---|---|---|
| 2024-08-29 13:42:43+00:00 | seen | https://t.me/cvedetector/4382... |
CVE-2024-5417
The CVE-2024-5417 entry concerns the Gutentor WordPress plugin prior to version 3.3.6. Root cause: the plugin does not validate or escape certain block options before outputting them in embedded blocks, enabling Stored XSS. Affected software: Gutentor WordPress plugin versions
CVE-2024-5417 Gutentor < 3.3.6 - Contributor+ Stored XSS
The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Gutentor Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: Gutentor; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: 3.3.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5417; Patch priority: Low; CVSS severity: Low (6.5); PSID: 7af65b4190da; Credits: Dmitrii Ignatyev; Required...
Meinberg LANTIME Web Interface Cross-site Scripting (CVE-2014-5417)
Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
CVE-2023-5417
| creationtimestamp | type | source |
|---|---|---|
| 2023-12-20 13:48:36+00:00 | seen | https://t.me/ctinow/156960... |
CVE-2023-5417 Funnelforms Free <= 3.4 - Missing Authorization to Category Update
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-5417
The CVE-2023-5417 entry concerns Funnelforms Free for WordPress. A missing capability check in the fnsf_update_category function affects versions up to and including 3.4, allowing authenticated attackers with subscriber-level permissions and above to modify the Funnelforms category for a given po...
SUSE CVE-2016-5417
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures...
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5417-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5417-1 advisory. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2...
Mageia: Security Advisory (MGASA-2018-0018)
The remote host is missing an update for the...
Mozilla Firefox Security Advisory (MFSA2017-05) - Linux
This host is missing a security update for Mozilla Firefox...
CVE-2020-5417
CVE-2020-5417 affects Cloud Foundry CAPI (Cloud Controller) versions prior to 1.97.0 when an app domain is also the system domain (as in default CF deployments). The issue allows a developer’s app to maliciously or accidentally claim sensitive routes that were intended for system components, pote...