896 matches found
CVE-2025-55044
The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...
Exploit for Argument Injection in Weblate
Weblate -- Arbitrary File Read via SSH Host Argument Injection...
Cross-site Request Forgery (CSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the setPermission.json.php endpoint. An attacker can modify user group permissions and escalate privileges by tricking an...
PT-2026-28512
Name of the Vulnerable Software and Affected Versions Metabase Enterprise versions 1.47 through 1.54.21 Metabase Enterprise versions 1.55.0 through 1.55.21 Metabase Enterprise versions 1.56.0 through 1.56.21 Metabase Enterprise versions 1.57.0 through 1.57.15 Metabase Enterprise versions 1.58.0...
WordPress Multi Functional Flexi Lightbox plugin <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter vulnerability
Authenticated Admin+ Stored Cross-Site Scripting via 'message' Parameter vulnerability discovered by san6051 - PWC in WordPress Plugin Multi Functional Flexi Lightbox versions = 1.2...
CVE-2026-31848 Reversible ecos_pw Cookie Allows Authentication Bypass in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...
CVE-2026-31848 Reversible ecos_pw Cookie Allows Authentication Bypass in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...
EUVD-2026-14155
The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2026-3354 Wikilookup <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting
The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-4161
The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2026-3577
The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias val parameter in the updatekbdbkupalias AJAX action in all versions up to, and including, 2.1.2. This is due to insufficient input sanitization and output escaping. While...
CVE-2026-33226 Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An...
PT-2026-26790
Summary The objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting session.cookie samesite = 'None' for HTTPS connections, an unauthenticated...
CVE-2025-55044
The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...
PT-2026-26082
The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...
CVE-2025-55045
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...
CVE-2025-55046
MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...
Server-side Request Forgery (SSRF)
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the fetchmetadata.php process when user-supplied input is passed to filegetcontents after only...
CVE-2025-59784
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59783
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...