675 matches found
CVE-2026-42519
The provided documents describe CVE-2026-42519 as a vulnerability in the Jenkins Script Security Plugin (version 1399.ve6a_66547f6e1 and earlier). The root cause is a missing permission check that permits users with Overall/Read permission to enumerate pending and approved Script Security classpa...
PT-2026-35913
A missing permission check in Jenkins Script Security Plugin 1399.ve6a 66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...
PT-2026-26249
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple Security Pro: from n/a through 9.5.4.0...
xygeni-action 安全漏洞
Oxyni-action is a GitHub code security scanning workflow plugin developed by Xygeni. Oxyni-action has a security vulnerability that stems from tag poisoning, which can lead to supply chain attacks, allowing attackers to execute arbitrary commands on the CI runner...
CVE-2026-26017
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check...
WordPress Shield Security plugin <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter vulnerability
Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions = 21.0.8...
CVE-2026-0561
The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2026-0561
The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2025-14427
The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...
CVE-2026-0561
CVE-2026-0561 affects the Shield Security plugin for WordPress up to version 21.0.8. It enables unauthenticated, reflected Cross-Site Scripting via the 'message' parameter due to insufficient input sanitization and output escaping. The impact is described as injecting arbitrary web scripts on pag...
CVE-2025-14427 Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update
The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...
PT-2026-20617
The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...
CVE-2026-24532 WordPress SiteLock Security plugin <= 5.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through =...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
CVE-2024-10924 / Auth Bypass 2FA to RCE Exploit - Author: J...
Shopware Has Improper Control of Generation of Code in Twig rendered views
Impact We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However there was a regression that lead to an array and array crafted PHP Closure not checked being against allow list for the map... override Patches Patched in 6.7.6.1 Workarounds Install the security...
GHSA-7CW6-7H3H-V8PF Shopware Has Improper Control of Generation of Code in Twig rendered views
Impact We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However there was a regression that lead to an array and array crafted PHP Closure not checked being against allow list for the map... override Patches Patched in 6.7.6.1 Workarounds Install the security...
CVE-2023-4549
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form...
CVE-2016-10898
The total-security plugin before 3.4.1 for WordPress has XSS...
CVE-2017-18541
The xo-security plugin before 1.5.3 for WordPress has XSS...
CVE-2021-41188
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the .htaccess file will protect against...