12 matches found
CVE-2025-67511 Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials function, which is available to AI agents. Only password and command...
EUVD-2025-36004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johnny Post List Featured Image (post-list-featured-image) allows Stored XSS. This issue affects Post List Featured Image: from n/a through <= 0.5.9...
CVE-2025-62937
CVE-2025-62937 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin Post List Featured Image. Affected range: versions from before n/a up to and including 0.5.9. Cause: improper neutralization of input during web page generation. Impact per provided data: stored script executi...
PT-2025-43813
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johnny Post List Featured Image (post-list-featured-image) allows Stored XSS. This issue affects Post List Featured Image: from n/a through <= 0.5.9...
WordPress plugin Post List Featured Image Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to set up a personal blog site on a PHP and MySQL based...
WordPress Post List Featured Image plugin <= 0.5.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Post List Featured Image versions <= 0.5.9...
CVE-2023-28441
smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly...
PT-2023-21724 · Unknown · Smartcars 3
Name of the Vulnerable Software and Affected Versions: smartCARS 3 versions 0.5.8 and prior Description: The issue affects smartCARS 3, a flight tracking software. In the affected versions, failed login attempts result in passwords being stored in error logs. This does not occur in version 0.5.9...
Information disclosure
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function isheader of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this...
PT-2022-16291 · Amazon +1 · Aws-Iam-Authenticator +1
Name of the Vulnerable Software and Affected Versions: aws-iam-authenticator versions prior to 0.5.9 Description: A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. Recommendations: For versions...
Rapid7 InsightVM Cross-Site Scripting Vulnerability
Rapid7 InsightVM is a vulnerability scanning and management application from Rapid7 USA. A cross-site scripting vulnerability exists in Rapid7 InsightVM 0.5.9 and prior versions, which allows an authenticated user to embed executable code in a malicious upload...
DSA-2158-1 cgiirc - cross-site-scripting
Bulletin has no description...