4 matches found
CVE-2026-3375
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notifyccss and /wp-json/litespeed/v1/notifyucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept CSS content from QUIC.cloud callback notificatio...
PT-2018-10399 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 2.0.0 Description: An issue was discovered where the zb system/cmd.php API endpoint, specifically the act=verify action, relies on MD5 for the password parameter. This could potentially make it easier for attackers to bypass...
The vulnerability of the iOS operating system, the multimedia player iTunes, and the web browser Safari allows attackers to obtain confidential information or circumvent existing access restrictions policies.
The vulnerability of the WebKit component of the iOS operating system, the multimedia player iTunes, and the browser Safari is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to bypass existing access restrictions or obtain confidentia...
tomcat: three DIGEST authentication implementation issues
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...