3306 matches found
PT-2025-49567
Name of the Vulnerable Software and Affected Versions usememos memos version 0.25.2 Description A flaw in access control within usememos memos allows attackers with limited privileges to improperly change or remove attachments uploaded by other users. The issue involves insufficient restrictions ...
CVE-2025-65798
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...
CVE-2025-65798
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...
Memos 安全漏洞
Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version v0.25.2, which stems from improper access control and could allow a low-privileged attacker to modify or delete attachments from other users...
CVE-2025-65798
The CVE-2025-65798 entry concerns usememos memos v0.25.2 with an incorrect access-control flaw that lets low-privilege attackers modify or delete attachments belonging to other users. The connected advisories confirm this is a real vulnerability in the memos server/router/api/v1 surface (and rela...
CVE-2025-12717
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2025-201522
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12717
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12717 List Attachments Shortcode <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12717
CVE-2025-12717 concerns the WordPress plugin List Attachments Shortcode. The WordPress plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the list-attachments Shortcode parameter before_list, affecting versions up to and including 0.4.1a. Exploitation requires authenticated access at...
CVE-2025-12717 List Attachments Shortcode <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress List Attachments Shortcode plugin <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode vulnerability
Authenticated Author+ Stored Cross-Site Scripting via list-attachments Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin List Attachments Shortcode versions = 0.4.1a...
PT-2025-49335
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before list' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin List Attachments Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is ...
CVE-2025-66550
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
EUVD-2025-201443
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
CVE-2025-12876
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ptodeletefile AJAX action in all versions up to, and including, 5.1.19. This makes it possible for unauthenticated attackers to delete...