Lucene search
K

67 matches found

NVD
NVD
added 5 hours ago6 views

CVE-2026-12428

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS
Exploits0References8
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-12428 Blocks for ACF Fields <= 1.6.2 - Missing Authorization to Authenticated (Author+) Arbitrary ACF Field Value Disclosure via 'id' Parameter

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS
Exploits0References8
CVE
CVE
added 6 hours ago5 views

CVE-2026-12428

The CVE concerns the WordPress plugin Blocks for ACF Fields (versions up to 1.6.2). A missing capability check on the REST endpoint /wp-json/acf-field-blocks/v1/values (get_all_values) allows unauthorized access to ACF field data. The permission_callback only verifies publish_posts, and the handl...

6.5CVSS6.1AI score
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:1 p.m.7 views

CVE-2026-47193

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/08 4:34 p.m.29 views

CVE-2026-43966

CVE-2026-43966 describes a HTTP Response Splitting flaw in the Erlang/cowlib component, where cow_http_struct_hd:escape_string/2 only escapes backslash and quote, allowing CRLF injection into structured HTTP header values. The mismatch between the encoder (allows any byte) and the parser (accepts...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

protobuf.js 代码注入漏洞

protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 and 8.0.2 of protobuf.js h...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 7:38 p.m.3 views

CVE-2026-39857

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...

5.3CVSS5.8AI score0.00435EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/15 7:38 p.m.17 views

CVE-2026-39857 Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...

5.3CVSS0.00435EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.6 views

CVE-2025-69236

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.4CVSS5.9AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2025-208701

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.4CVSS5.8AI score0.00217EPSS
Exploits0References3
NVD
NVD
added 2026/03/16 2:18 p.m.4 views

CVE-2025-69236

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.4CVSS0.00217EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:18 p.m.3 views

CVE-2025-69237

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.4CVSS0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:53 a.m.8 views

CVE-2025-69237

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/16 11:53 a.m.2 views

CVE-2025-69237 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS5.8AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 11:53 a.m.10 views

CVE-2025-69237

CVE-2025-69237 concerns Raytha CMS, where a Stored XSS vulnerability exists in the page creation flow via FieldValues[0].Value. An authenticated attacker with content-creation permissions can inject arbitrary HTML/JS that is rendered on the edited page. The issue is fixed in version 1.4.6. The pr...

5.4CVSS5.8AI score0.00182EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/16 11:52 a.m.27 views

CVE-2025-69236 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.1CVSS0.00217EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:52 a.m.7 views

CVE-2025-69236

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References3
CVE
CVE
added 2026/03/16 11:52 a.m.21 views

CVE-2025-69236

CVE-2025-69236 : Raytha CMS is affected by a Stored XSS in the post editing workflow, exploitable via the FieldValues[1].Value parameter. An authenticated attacker with post-edit permissions can inject arbitrary HTML/JS that is rendered when the edited page is viewed. The issue has a CVSS-based i...

5.4CVSS5.8AI score0.00217EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.2 views

PT-2026-25690

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 8:42 p.m.6 views

CVE-2026-30962 Parse Server has a protected fields bypass via logical query operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References5
Rows per page
Query Builder