1360 matches found
CVE-2025-46571
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open t...
WordPress Show All Comments plugin <= 7.0.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Show All Comments versions = 7.0.1...
CVE-2025-3514 SureForms < 1.4.4 - Admin+ Stored XSS
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3514 SureForms < 1.4.4 - Admin+ Stored XSS
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3504
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3503
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3502
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3503 WP Maps < 4.7.2 - Admin+ Stored XSS
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3503 WP Maps < 4.7.2 - Admin+ Stored XSS
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-1453 Category Posts Widget < 4.9.20 - Admin+ Stored XSS
The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-1976 Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6...
CVE-2025-1976 Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6...
CVE-2025-2162
CVE-2025-2162 : MapPress Maps for WordPress plugin, versions before 2.94.10, contains insufficient sanitization/escaping of settings. This enables Stored XSS by high-privilege users (e.g., admin) even when unfiltered_html is disabled (such as in multisite). Root cause: lack of proper input saniti...
CVE-2025-1525
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-1524
CVE-2025-1524 affects the Ultimate Dashboard WordPress plugin (versions before 3.8.6). The issue arises from insufficient sanitization and escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins), including in multisite environments where unfiltered_html is disallo...
CVE-2025-1525 Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13610
The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2024-13207
The CVE-2024-13207 entry refers to the WordPress plugin Widget for Social Page Feeds (Facebook Pagelike Widget) prior to version 6.4.2. The issue is that the plugin does not adequately sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltere...
CVE-2025-2871
CVE-2025-2871 pertains to WordPress Mega Menu – QuadMenu. A CSRF flaw in ajax_dismiss_notice() with missing nonce validation affects all versions up to 3.2.0, enabling unauthenticated attackers to update any user meta (including wp_capabilities) via a forged request if a site admin is tricked int...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization that allows an admin user to escalate privileges. Remediation Upgrade magento/community-edition to version 2.4.4-p13, 2.4.5-p12, 2.4.6-p10, 2.4.7-p5...