3677 matches found
CVE-2026-1960 Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes
Stored Cross-Site Scripting XSS vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint...
CVE-2026-1960
A Stored Cross-Site Scripting (XSS) vulnerability affects Loggro Pymes, exploitable via the Facebook parameter in the /loggrodemo/jbrain/ConsultaTerceros endpoint. The CVE-2026-1960 description (Loggro Pymes) confirms the issue and shows a CVSS v4.0 base score of 5.1 (MEDIUM) with Network attack ...
Loggro Pymes 跨站脚本漏洞
Loggro Pymes is a cloud-based business management software developed by the Spanish company Loggro. Loggro Pymes has a cross-site scripting vulnerability, which stems from incorrect handling of parameters in the file /loggrodemo/jbrain/ConsultaTerceros, specifically the parameter Facebook. This...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 - PoC & Stand 📌 Quick Start 1. Deploy...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55...
Meta confirms it’s working on premium subscription for its apps
Meta plans to test exclusive features that will be incorporated in paid versions of Facebook, Instagram, and WhatsApp. It confirmed these plans to TechCrunch. But these plans are not to be confused with the ad-free subscription options that Meta introduced for Facebook and Instagram in the EU, th...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182-PoC-http-exec PoC terkait CVE-2025-55182 untu...
CVE-2025-12825
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...
CVE-2025-12825
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...
CVE-2025-12825
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...
CVE-2025-12825 User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...
CVE-2025-12825 User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...
CVE-2025-12825
CVE-2025-12825 affects the WordPress plugin User Registration Using Contact Form 7. The issue is a missing capability check in get_cf7_form_data across all versions up to and including 2.5, enabling unauthorized data access (including Facebook app secrets) by unauthenticated users. Connected sour...
EUVD-2026-3149
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...
PT-2026-3347
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get cf7 form data' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form...
CVE-2025-14557
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...
CVE-2025-14557
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...
CVE-2025-14557 XSS in Drupal 7 Facebook Pixel Module
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...
CVE-2025-14557
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...
CVE-2025-14557
CVE-2025-14557 affects Drupal Facebook Pixel module (facebook_pixel) with stored XSS due to improper input neutralization during page generation. Affected versions are 7.X-1.0 through 7.X-1.1. The vulnerability can allow malicious script injection via input fields rendered on generated pages, as ...