23 matches found
CVE-2026-48119 Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...
CVE-2026-48119 Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...
EUVD-2026-36595
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...
CVE-2026-48119
CVE-2026-48119 (Nezha Monitoring) involves authenticated agents forging service-monitor results for other users’ services in versions 0.20.0 through pre-2.0.12. The vulnerability arises from the service-monitor worker not verifying that the reporter server and service ownership align with the rep...
CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...
CVE-2019-25742
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...
CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...
CVE-2019-25742
CVE-2019-25742 affects WordPress Theme Zoner Real Estate 4.1.1 with a persistent XSS in the Address field during property creation. Authenticated agents can inject JavaScript payloads that execute when administrators view the property for approval, enabling cookie theft and potential session hija...
PT-2026-46212
Name of the Vulnerable Software and Affected Versions Zoner Real Estate version 4.1.1 Description A persistent cross-site scripting issue exists where authenticated agents can inject malicious JavaScript payloads through the Address input field during property creation. These scripts execute when...
CVE-2026-6741 LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...
CVE-2026-1566
The CVE affects LatePoint
CVE-2020-37018
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...
CVE-2020-37018 GOautodial 4.0 - Persistent Cross-Site Scripting
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...
CVE-2020-37018
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...
CVE-2020-37018
CVE-2020-37018 ffects GOautodial 4.0: a persistent cross-site scripting (XSS) vulnerability allows authenticated agents to inject malicious scripts via message subjects. Crafted messages with embedded JavaScript can execute when an administrator reads the message, potentially leaking session cook...
EUVD-2020-30922
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...
PT-2026-5292
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...
CVE-2024-23793
The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...
SUSE CVE-2013-3551
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...
Improper access control
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...