Lucene search
K

27 matches found

Cvelist
Cvelist
added 2025/03/25 6:0 a.m.15 views

CVE-2024-11273 Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed fo...

0.00257EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/12 3:21 a.m.22 views

CVE-2025-2078 BlogBuzzTime-for-wp <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...

4.4CVSS0.00234EPSS
Exploits0References2
CVE
CVE
added 2025/02/04 6:0 a.m.57 views

CVE-2024-13326

CVE-2024-13326 affects the iBuildApp WordPress plugin (versions up to 0.2.0). The issue is a reflected cross-site scripting (XSS) caused by insufficient sanitization/escaping of a parameter before echoing it to the page, enabling an attacker to trick high-privilege users (e.g., admins) into execu...

6.1CVSS6.2AI score0.00567EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2025/01/13 3:47 p.m.12 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.8 Images Update

New images are available for Red Hat build of Keycloak 26.0.8 and Red Hat build of Keycloak 26.0.8 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...

6.5CVSS6AI score0.00927EPSS
Exploits0References3
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.6 views

JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Issue in archiving web page - Dig parameter injection issue in...

7.6AI score
Exploits0
OSV
OSV
added 2021/10/27 1:34 p.m.7 views

SUSE-SU-2021:3562-1 Security update for SUSE Manager Server 4.1

This update fixes the following issues: spacewalk-admin: - Version 4.1.10-1 Fix setup with rhn-config-satellite bsc1190300 Allow admins to modify only spacewalk config files with rhn-config-satellite.pl bsc1190040 CVE-2021-40348 How to apply this update: 1. Log in as root user to the SUSE Manager...

9.3CVSS8.7AI score0.01741EPSS
Exploits1References4
Cvelist
Cvelist
added 2006/03/22 2:0 a.m.17 views

CVE-2006-1353

Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the downloadid parameter in downloadclick.asp and 2 contentID parameter in news/NewsItem.asp; authenticated administrators can also conduct attacks via 3 userid...

8.3AI score0.0427EPSS
Exploits1References21
Rows per page
Query Builder