34 matches found

Cvelist
added 5 hours ago | 3 views

CVE-2026-46698 Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/SiteInfo.php) that verified a nonce (ftf-fediverse-embeds-nonce) and then called file_get_html($site_url) on the...

CVSS: 5.3
Exploits: 0 | References: 2

CVE
added 5 hours ago | 7 views

CVE-2026-46698

Fediverse Embeds (WordPress plugin) prior to 1.5.9 registered an unauthenticated AJAX action, wp_ajax_nopriv_ftf_get_site_info, which validated a nonce ftf-fediverse-embeds-nonce and then performed file_get_html($site_url) on an attacker-supplied URL. The same nonce was enqueued on every public p...

CVSS: 5.3 | AI score: 5.4
Exploits: 0 | References: 2

Cvelist
added 2026/05/09 3:35 a.m. | 38 views

CVE-2026-42069 Kirby: Read access to site, user and role information is not gated by permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

CVSS: 7.1 | EPSS: 0.0003
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/09 3:35 a.m. | 4 views

CVE-2026-42069 Kirby: Read access to site, user and role information is not gated by permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

CVSS: 7.1 | AI score: 5.7 | EPSS: 0.0003
Exploits: 0 | References: 3

CVE
added 2026/05/09 3:35 a.m. | 7 views

CVE-2026-42069

CVE-2026-42069 (Kirby CMS): Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information was not gated by permissions. The issue has been patched in Kirby 4.9.0 and 5.4.0; upgrade to those versions or later to fix the vulnerability. The problem enables unauthorized read acce...

CVSS: 7.1 | AI score: 5.7 | EPSS: 0.0003
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/02/05 5:16 p.m. | 1 views

CVE-2020-37139

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the applicatio...

CVSS: 8.4 | EPSS: 0.00009
Exploits: 0 | References: 3

CVE
added 2026/02/05 4:13 p.m. | 7 views

CVE-2020-37139

CVE-2020-37139 affects Odin Secure FTP Expert 7.6.3. The issue is a local denial-of-service vulnerability caused by a buffer overflow triggered by pasting 108 bytes of repeated characters into site information/connection fields, which crashes the application. Multiple connected sources corroborat...

CVSS: 8.4 | AI score: 5.7 | EPSS: 0.00009
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/05 4:13 p.m. | 3 views

CVE-2020-37139 Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the applicatio...

CVSS: 8.4 | AI score: 5.7 | EPSS: 0.00009
Exploits: 0 | References: 3

Cvelist
added 2026/02/05 4:13 p.m. | 30 views

CVE-2020-37139 Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the applicatio...

CVSS: 8.4 | EPSS: 0.00009
Exploits: 0 | References: 3

CNNVD
added 2026/02/05 12:0 a.m. | 2 views

Odin Secure FTP Expert Security Vulnerability

Odin Secure FTP Expert is an FTP client software developed by Odin Secure Corporation. Version 7.6.3 of Odin Secure FTP Expert contains a security vulnerability, which stems from improper handling of site information fields, potentially leading to application crashes...

CVSS: 8.4 | AI score: 5.7 | EPSS: 0.00009
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2008-6635

Malware in sbrugna...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.02624
Exploits: 1 | References: 5

RedhatCVE
added 2025/09/07 2:33 p.m. | 3 views

CVE-2025-58866

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data. This issue affects Site Info: from n/a through = 1.1...

CVSS: 2.7 | AI score: 5.9 | EPSS: 0.0006
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:39 p.m. | 2 views

CVE-2022-40443

An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php...

CVSS: 5.3 | AI score: 5 | EPSS: 0.12186
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:20 p.m. | 5 views

CVE-2021-23888

Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.005
Exploits: 0 | References: 1

Github Security Blog
added 2022/05/13 1:12 a.m. | 18 views

Moodle does not consider "don't send" attributes during hub registration

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00464
Exploits: 0 | References: 18 | Affected Software: 1

Hacker One
added 2022/04/29 7:56 p.m. | 33 views

Automattic: Site information's Display Name section vulnerable for XSS attacks and HTML Injections.

Summary: Hi, Greetings. I have found that site information's Display Name section on the try.pressable.com is vulnerable for potential XSS attacks and HTML Injections. Steps To Reproduce: 1. Visit https://try.pressable.com 2. Create a new site. 3. On the Display Name section, put the XSS / HTML...

AI score: 0.6
Exploits: 0

Tenable Nessus
added 2020/06/17 12:0 a.m. | 42 views

RHEL 6 : chromium-browser (RHSA-2020:2544)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2544 advisory. Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 83.0.4103.97. Security Fixes:...

CVSS: 9.6 | AI score: 7.2 | EPSS: 0.42466
Exploits: 13 | References: 62

RedHat Linux
added 2020/06/15 12:55 p.m. | 2 views

chromium-browser: Incorrect security UI in site information

Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00913
Exploits: 0 | References: 5

Hacker One
added 2019/10/26 9:18 a.m. | 77 views

Imgur: De-anonymization Attack: Cross Site Information Leakage

Dear Imgur Security Team, We are researchers at the IMDEA Software Institute in Madrid, Spain. We have been working on analyzing Cross-Site Browser Leaks (xsleaks) and building a tool for finding instances of it on target web sites. Recently we tested imgur.com and discovered a flaw that can affect...

Exploits: 0

OSV
added 2019/02/06 6:13 p.m. | 3 views

DRUPAL-CONTRIB-2019-014

Acquia Connector facilitates sending certain telemetry data to Acquia for the purposes of analysis. The module automates the collection of site information to speed support communication and issue resolution. It is required for use with the Acquia Insight service. The module does not properly...

AI score: 6.4
Exploits: 0 | References: 1