50 matches found
CVE-2026-5720

creationtimestamp | type | source
---|---|---
2026-04-17 23:20:34+00:00 | published-proof-of-concept | Telegram/tNtN6ajST1i0hZ4W2szdcVpxF1Em9wIkkVyc-W9Ntpka1A...

CVE-2025-5720

creationtimestamp | type | source
---|---|---
2025-07-31 04:42:56+00:00 | seen | Telegram/jEKtWJRces4jT-rvD5q2cffGkiFeHS5c87Pa3CEoF2px2I...

CVE-2025-5720
The CVE-2025-5720 entry concerns the WordPress plugin “Customer Reviews for WooCommerce.” It is an unauthenticated stored XSS via the author parameter in all versions up to 5.80.2. The vulnerability arises from insufficient input sanitization and output escaping, allowing an attacker to inject ar...
CVE-2025-5720 Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author’ parameter in all versions up to, and including, 5.80.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress Customer Reviews for WooCommerce plugin <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via `author` Parameter vulnerability discovered by zer0gh0st in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.80.2...
CVE-2019-5720
includes/db/class.reflinesdb.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the voidtransaction.php filterType parameter...
Debian: Security Advisory (DSA-5720-1)
The remote host is missing an update for the Debian...
Debian dsa-5720 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5720 advisory. Debian Security Advisory DSA-5720-1 https://www.debian.org/securit...
CVE-2023-5720
CVE-2023-5720 affects Quarkus and describes an information disclosure risk stemming from improper sanitization of artifacts created via the Gradle plugin. The flaw allows access to potentially sensitive build-system information embedded in the application. Connected sources reiterate the same vul...
CVE-2023-5720 Quarkus: build env information disclosure via gradle plugin
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...
RHEL 7 : rh-nginx120-nginx (RHSA-2023:5720)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5720 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
Oracle Linux 7 : libvirt (ELSA-2020-5720)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5720 advisory. 5.7.0-15.el7 - qemu: Escape the qemu driver systemd DOT hoax Wim ten Have Orabug: 31380815 5.7.0-14.el7 - vmx: make 'fileName' optional for CD-ROMs Pino Toscano...
Spitfire CMS 1.0.475 PHP Object Injection
Spitfire CMS 1.0.475 cmsbackupvalues PHP Object Injection Vendor: Claus Muus Product web page: http://spitfire.clausmuus.de Affected version: 1.0.475 Summary: Spitfire is a system to manage the content of webpages. Desc: The application is prone to a PHP Object Injection vulnerability due to the...
Spitfire CMS 1.0.475 PHP Object Injection Vulnerability
Spitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to unsafe use of the unserialize function. An authenticated attacker could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input...
Ubuntu: Security Advisory (USN-5720-1)
The remote host is missing an update for the...
Ubuntu 16.04 ESM : Zstandard vulnerabilities (USN-5720-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5720-1 advisory. It was discovered that Zstandard was not properly managing file permissions when generating output files. A local attacker could possibly use this issue ...
RHEL 8 : grafana (RHSA-2022:5720)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5720 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: OAuth account...
Mageia: Security Advisory (MGASA-2013-0282)
The remote host is missing an update for the...
CVE-2017-5720
CVE-2017-5720 is rejected; not an active vulnerability entry.