CVE-2026-1785 Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

Description of the security update for SharePoint Server 2019 Language Pack: August 12, 2025 (KB5002770)

Description of the security update for SharePoint Server 2019 Language Pack: August 12, 2025 KB5002770 Summary This security update resolves a Microsoft Word remote code execution vulnerability and Microsoft Word information disclosure vulnerability. To learn more about the vulnerabilities, see t...

Description of the security update for SharePoint Server 2019: August 12, 2025 (KB5002769)

Description of the security update for SharePoint Server 2019: August 12, 2025 KB5002769 Summary This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft SharePoint elevation of privilege vulnerability, Microsoft Word remote code execution vulnerability,...

Malicious code in cloud-search (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-6833 Malicious code in cloud-search (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in aws-cloud_search (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

SUSE CVE-2009-0931

Cross-site scripting XSS vulnerability in the tag cloud search script horde/services/portal/cloudsearch.php in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Fedora 31 : php-horde-horde (2020-01d7b8b690)

horde 5.2.23 - mjr SECURITY: Fix JavaScript injection vulnerability in mobile login page. - mjr Fix broken cloud search in portal block. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

Fedora 32 : php-horde-horde (2020-a41fda3b4c)

horde 5.2.23 - mjr SECURITY: Fix JavaScript injection vulnerability in mobile login page. - mjr Fix broken cloud search in portal block. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

Malicious Package

Overview cloud-search is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using cloud-search...

Cross site scripting

Cross-site scripting XSS vulnerability in the tag cloud search script horde/services/portal/cloudsearch.php in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-0931

CVE-2009-0931 affects Horde: tag cloud search (horde/services/portal/cloud_search.php) vulnerable in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5. The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unsp...

Horde < 3.3.3 / 3.2.4 Horde_Image::factory driver Argument Local File Inclusion

Binary data 4835.prm...