28 matches found
PT-2025-50861
The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugin create option' and 'BMLTPlugin delete option' action. This makes it possible for unauthenticated attackers ...
Apache Airflow's create action can upsert existing Pools/Connections/Variables
A user with CREATE but no UPDATE privilege for Pools, Connections, Variables could update existing records via the bulk create API with the overwrite action...
EUVD-2018-11578
Malware in sbrugna...
EUVD-2022-50889
Malicious code in bioql PyPI...
EEF-CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden
Summary: Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program...
CVE-2022-48178
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI...
CVE-2025-30345
OpenSlides CVE-2025-30345 affects OpenSlides versions prior to 4.2.5. The vulnerability arises in the chat_group.create action: while some HTML elements (e.g., SCRIPT) are filtered, others are not, and HTML entities are not consistently encoded when deleting chats or deleting messages, potentiall...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass due to the improper validation of the mail parameter in the createAction process. An unauthenticated attacker can display user-submitted data of all forms persisted by the extension. Note: This vulnerability can onl...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 12.4.0 and earlier, which stems from an inability to validate the mail parameter of createAction, resulting in insecure direct object...
CVE-2023-48824
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action...
PT-2023-8603 · Xwiki · Xwiki Platform +1
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 7.2-milestone-2 through 14.10.12 org.xwiki.platform:xwiki-platform-web-templates versions prior to 14.10.12 and 15.5-rc-1 Description: The issue allows an attacker to pass a title to the page creation action that isn't...
Cross site scripting
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI...
PT-2023-15603
Name of the Vulnerable Software and Affected Versions: X2CRM Open Source Sales CRM versions 6.6 through 6.9 Description: A stored cross-site scripting (XSS) issue was found in the Create Action function, specifically via the "index.php/actions/update" URI. This allows for potential malicious script...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fpnewsletter, which stems from the fact that data about its subscribers can be obtained via the createAction operation...
PT-2022-28058 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions 1.0 through 1.1.0 fp newsletter extension version 1.2.0 fp newsletter extension versions 2.0 through 2.1.1 fp newsletter extension versions 2.2.1 through 2.4.0 fp newsletter extension versions 3.0 through 3.2....