Lucene search
+L

17 matches found

OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-GHOST-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 6:13 p.m.4 views

CVE-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6CVSS6AI score0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 6:13 p.m.29 views

CVE-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6CVSS0.00244EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 8:42 a.m.4 views

BIT-DISCOURSE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...

5.4CVSS5.4AI score0.00162EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/29 9:21 p.m.7 views

CVE-2025-69289

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...

5.4CVSS5.9AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 8:16 p.m.8 views

CVE-2025-69289

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...

5.4CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 7:33 p.m.4 views

CVE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...

5.1CVSS5.9AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 7:33 p.m.6 views

CVE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...

5.1CVSS5.9AI score0.00162EPSS
Exploits0References3
CVE
CVE
added 2026/01/28 7:33 p.m.19 views

CVE-2025-69289

Discourse has a privilege-escalation CVE-2025-69289 affecting versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, where a non-admin moderator can bypass email-change restrictions and takeover non-staff accounts. The issue is patched in 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Mitigatio...

5.4CVSS5.9AI score0.00162EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.15 views

PT-2026-5195

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. A privilege escalation issue exists...

5.4CVSS5.9AI score0.00162EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-8106

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00221EPSS
Exploits1References3
NVD
NVD
added 2025/03/26 6:15 a.m.18 views

CVE-2024-13146

The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack...

8.8CVSS0.00221EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/26 6:0 a.m.18 views

CVE-2024-13146 Booknetic < 4.1.5 - Staff Creation via CSRF

The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack...

0.00221EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.7 views

PT-2025-12858 · WordPress · Booknetic

Name of the Vulnerable Software and Affected Versions: Booknetic WordPress plugin versions prior to 4.1.5 Description: The issue concerns a lack of CSRF check when creating Staff accounts, which could allow attackers to make logged-in admins add arbitrary Staff members via a CSRF attack. This cou...

8.8CVSS6.5AI score0.00221EPSS
Exploits1References7
OSV
OSV
added 2022/01/06 4:15 p.m.3 views

CVE-2021-46075

A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations...

7.2CVSS5.8AI score0.02616EPSS
Exploits2References2
Hacker One
Hacker One
added 2015/04/16 5:36 p.m.19 views

Shopify: Invitation issue

Only the the store owner is allowed to create new staff members, but staff members with full access can take over other invited staff members' accounts using the invitation link that was available in Settings - Account page. To resolve this, we changed the display of the Account page so only the...

4.6AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

TheHostingTool 1.2.2 - Multiple CSRF Vulnerabilities

No description provided by source. !--- Title: TheHostingTool 1.2.2 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Mon 12 Jul 2010 01:19:52 PM EEST Vendor: http://thehostingtool.com/ Download: http://thehostingtool.googlecode.com/files/THT-v1.2.2.zip --- -= CSRF PoC 1 - Creat...

7.1AI score
Exploits0
Rows per page
Query Builder