12 matches found
CVE-2026-6419
The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...
CVE-2024-37776
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...
CVE-2020-11983
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...
CVE-2025-21541
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow...
Sunbird DCIM dcTrack Security Vulnerability
Sunbird DCIM dcTrack is an asset monitoring management software from Sunbird DCIM. A security vulnerability exists in Sunbird DCIM dcTrack version v9.1.2, which stems from the presence of a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web script or HTML via ...
CVE-2024-37776
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...
PT-2024-27744 · Sunbird Dcim · Dctrack
Name of the Vulnerable Software and Affected Versions: Sunbird DCIM dcTrack version 9.1.2 Description: A Cross-Site Request Forgery (CSRF) issue allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens. This can...
elecom lan Authorization Issue Vulnerability
elecom lan routers is a router from Elecom Japan. An access control error vulnerability exists in elecom lan routers, which can be exploited by an attacker to bypass access restrictions and gain access to the product's administration screens via an unspecified vector...
Multiple stored XSS in RBAC Admin screens in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...
GHSA-Q4P3-QW5C-MHPC Multiple stored XSS in RBAC Admin screens in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...
PYSEC-2020-17
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...
PT-2020-12966 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 1.10.10 and below Description: An issue was discovered in the admin management screens of the new/RBAC UI, where escaping was handled incorrectly. This allowed authenticated users with appropriate permissions to create...