Lucene search
K

25 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/01 9:32 a.m.8 views

CVE-2026-13228

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference IDOR in the createorupdate function of OsOrdersController, whi...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References8
OSV
OSV
added 2026/06/18 2:13 p.m.5 views

CVE-2026-50141 Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS6AI score0.00246EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/12 9:3 p.m.30 views

CVE-2026-48119 Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...

7.1CVSS0.00266EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:3 p.m.64 views

CVE-2026-48119

CVE-2026-48119 (Nezha Monitoring) involves authenticated agents forging service-monitor results for other users’ services in versions 0.20.0 through pre-2.0.12. The vulnerability arises from the service-monitor worker not verifying that the reporter server and service ownership align with the rep...

7.1CVSS5.2AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:3 p.m.7 views

CVE-2026-48119 Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...

7.1CVSS5.2AI score0.00266EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:3 p.m.11 views

EUVD-2026-36595

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...

7.1CVSS5.2AI score0.00266EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:22 p.m.6 views

CVE-2019-25742

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

6.4CVSS5.7AI score0.00171EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.10 views

CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/04 1:22 p.m.42 views

CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

5.4CVSS0.00171EPSS
Exploits0References4
CVE
CVE
added 2026/06/04 1:22 p.m.17 views

CVE-2019-25742

CVE-2019-25742 affects WordPress Theme Zoner Real Estate 4.1.1 with a persistent XSS in the Address field during property creation. Authenticated agents can inject JavaScript payloads that execute when administrators view the property for approval, enabling cookie theft and potential session hija...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46212

Name of the Vulnerable Software and Affected Versions Zoner Real Estate version 4.1.1 Description A persistent cross-site scripting issue exists where authenticated agents can inject malicious JavaScript payloads through the Address input field during property creation. These scripts execute when...

5.4CVSS4.9AI score0.00171EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/27 7:36 p.m.28 views

CVE-2026-6741 LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

8.8CVSS0.00293EPSS
Exploits1References6
CVE
CVE
added 2026/03/02 11:22 p.m.17 views

CVE-2026-1566

The CVE affects LatePoint

8.8CVSS6AI score0.003EPSS
Exploits0References2
NVD
NVD
added 2026/01/29 3:16 p.m.5 views

CVE-2020-37018

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...

6.4CVSS0.0024EPSS
Exploits0References3
CVE
CVE
added 2026/01/29 2:28 p.m.11 views

CVE-2020-37018

CVE-2020-37018 ffects GOautodial 4.0: a persistent cross-site scripting (XSS) vulnerability allows authenticated agents to inject malicious scripts via message subjects. Crafted messages with embedded JavaScript can execute when an administrator reads the message, potentially leaking session cook...

6.4CVSS5.9AI score0.0024EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/29 2:28 p.m.4 views

EUVD-2020-30922

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...

6.4CVSS5.9AI score0.0024EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/29 2:28 p.m.2 views

CVE-2020-37018 GOautodial 4.0 - Persistent Cross-Site Scripting

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...

6.4CVSS5.9AI score0.0024EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.3 views

CVE-2020-37018

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...

6.4CVSS5.9AI score0.0024EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.5 views

PT-2026-5292

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...

6.4CVSS5.9AI score0.0024EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/06/06 7:15 p.m.61 views

CVE-2024-23793

The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...

6.3CVSS6.1AI score0.00776EPSS
Exploits0References2
Rows per page
Query Builder