476 matches found
CVE-2026-3551
The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail...
CVE-2026-6228
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...
PT-2026-41274
Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.28.37 Description Insufficient authorization checks in the role field update mechanism and overly permissive capabilities for the admin form post type allow for privilege escalation. The admin...
CVE-2026-7864 Exposure of Sensitive Information to an Unauthorized Actor
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information...
CVE-2026-6995
A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...
CVE-2026-6995
A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...
CVE-2026-6995 BDCOM P3310D New User index.asp cross site scripting
A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...
CVE-2026-6995
CVE-2026-6995 concerns BDCOM P3310D (firmware 0.4.2, 10.1.0F Build 86345) and its /index.asp New User Page. The vulnerability arises from manipulating the User name argument, enabling cross-site scripting (XSS). The issue is exploitable remotely and public exploits exist. Documented impact is lim...
EUVD-2026-25671
A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...
CVE-2026-6995 BDCOM P3310D New User index.asp cross site scripting
A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...
BDCOM P3310D 跨站脚本漏洞
The BDCOM P3310D is an Ethernet switch device designed for access layer networks by the BDCOM company in China. The version BDCOM P3310D 0.4.2 10.1.0F Build 86345 contains a cross-site scripting vulnerability. This vulnerability stems from an unknown feature of the New User Page component’s...
PT-2026-35168
A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...
Cisco IOS XE Software Lobby Ambassador Privilege Escalation (cisco-sa-iosxe-lobby-privesc-KwxBqJy)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would...
EUVD-2026-23179
The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail...
CVE-2026-3551
The CVE-2026-3551 issue affects the WordPress plugin Custom New User Notification (versions up to 1.2.0). It is a Stored XSS due to insufficient input sanitization and output escaping in multiple admin settings fields (e.g., User Mail Subject, User From Name/Email, Admin Mail Subject, Admin From ...
CVE-2026-3551 Custom New User Notification <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting
The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail...
CVE-2026-3551 Custom New User Notification <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting
The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail...
WordPress Custom New User Notification plugin <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'User Mail Subject' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Custom New User Notification versions = 1.2.0...
WordPress plugin Custom New User Notification 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-57851
A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...