15 matches found
CVE-2022-50585
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...
PT-2025-44482
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to CCM 3.1.7; Nagios XI versions prior to 5.8.9 Description: The Core Config Manager (CCM) in Nagios XI is susceptible to a cross-site scripting (XSS) issue through the Audit Log page search input. A lack of proper input...
PT-2025-44484
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.9 Description: The software is susceptible to a cross-site scripting (XSS) issue through the Apply Configuration error text. A lack of proper input validation or escaping of user-provided data could enable an...
EUVD-2024-47515
Malicious code in bioql PyPI...
CVE-2024-12575
CVE-2024-12575 relates to the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls (≤ 5.8.9). The vulnerability is an unauthenticated basic information exposure via the AJAX action ays_finish_poll, allowing attackers to retrieve admin email information from poll respon...
CVE-2024-12575 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information...
WordPress plugin ProfileGrid security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37604 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions up to, and including, 5.8.9 Description: The issue is due to a lack of validation on user-supplied data in the 'pm upload image' AJAX action, allowing...
PT-2024-37603 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions up to, and including, 5.8.9 Description: The issue is related to Insecure Direct Object Reference. It affects the pm upload image function due to missing...
PT-2024-19512 · Unknown · Pluxml Blog
Name of the Vulnerable Software and Affected Versions: PluXml Blog version 5.8.9 Description: The issue is related to a remote code execution (RCE) vulnerability in the Static Pages feature of PluXml Blog. This vulnerability can be exploited by injecting a crafted payload into the Content field...
PluXml Security Vulnerability
PluXml is a free and open source content management system that does not require a database to work. A security vulnerability exists in PluXml Blog version v5.8.9, which stems from a remote code execution vulnerability contained in a static page that can be used to execute remote code by injectin...
radare2 security vulnerability
radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 version 5.8.9, which stems from the presence of an out-of-bounds read that can cause the program to crash...
radare2 buffer error vulnerability
radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 version v.5.8.9, which stems from an out-of-bounds read issue...