5123 matches found
WordPress Advanced iFrame plugin <= 2025.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Advanced iFrame versions = 2025.10...
CVE-2025-14616
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-14616 Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-14616 Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-14616
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
EUVD-2025-206487
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-14616
The CVE-2025-14616 entry describes a Cross-Site Request Forgery in the WordPress plugin Recooty (Old Dashboard) up to version 1.0.6, caused by missing nonce validation in recooty_save_maybe(). This allows unauthenticated attackers to update the recooty_key option and inject malicious content into...
CVE-2026-24399
ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...
CVE-2026-24399 ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution
ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...
CVE-2026-24399 ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution
ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...
EUVD-2026-4613
ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...
CVE-2026-24399
ChatterMate (no-code AI chatbot framework) is vulnerable in versions 1.0.8 and earlier due to input-processed HTML/JavaScript payloads. An iframe payload containing a javascript: URI can be processed in the browser context, allowing access to client-side data (localStorage tokens, cookies) and re...
PT-2026-4544
ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...
MiracleLinux 7 : firefox-102.9.0-3.0.1.el7.AXS7 (AXSA:2023-5237:14)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5237:14 advisory. Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9...
MiracleLinux 8 : firefox-102.5.0-1.el8.ML.1 (AXSA:2023-4657:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4657:01 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...
MiracleLinux 8 : firefox-102.7.0-1.el8.ML.1 (AXSA:2023-4857:04)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4857:04 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...
MiracleLinux 9 : libreoffice-7.1.8.1-11.el9.ML.2 (AXSA:2023-7005:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7005:05 advisory. libreoffice: Empty entry in Java class path CVE-2022-38745 libreoffice: Array index underflow in Calc formula parsing CVE-2023-0950 libreoffice:...
MiracleLinux 9 : firefox-102.9.0-3.el9.ML.1 (AXSA:2023-5234:12)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5234:12 advisory. Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9...
MiracleLinux 8 : libreoffice-6.4.7.2-15.el8.ML.1 (AXSA:2023-7259:06)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7259:06 advisory. libreoffice: Empty entry in Java class path CVE-2022-38745 libreoffice: Array index underflow in Calc formula parsing CVE-2023-0950 libreoffice:...
MiracleLinux 7 : firefox-91.9.0-1.0.1.el7.AXS7 (AXSA:2022-3176:11)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3176:11 advisory. Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass CVE-2022-29911 Mozilla: Fullscreen...