7427 matches found
KLA87521 PE vulnerability in Microsoft Developer Tools
An elevation of privilege vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-49734 Related products PowerShell CVE list CVE-2025-49734 high Solution Install necessary updates from the KB section, th...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21127)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which stems from the lack of effective filtering and escaping of user-supplied data in the /apprain/developer/addons parameter page, which can be exploited by an attacker to steal a victim's...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21119)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/cycle endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication...
CVE-2025-58818
Cross-Site Request Forgery CSRF vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery.This issue affects Developer Tools Blocker: from n/a through = 3.2.1...
CVE-2025-41062
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in /apprain/developer/addons...
CVE-2025-58818
Cross-Site Request Forgery CSRF vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery.This issue affects Developer Tools Blocker: from n/a through = 3.2.1...
CVE-2025-58818
CVE-2025-58818 is a CSRF vulnerability in the WordPress plugin Developer Tools Blocker (SwiftNinjaPro) affecting versions up to 3.2.1. Technical details across sources confirm CSRF as the root cause and that exploitation could enable actions on behalf of authenticated users. Mitigation: update to...
CVE-2025-58818 WordPress Developer Tools Blocker Plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery.This issue affects Developer Tools Blocker: from n/a through = 3.2.1...
CVE-2025-58818 WordPress Developer Tools Blocker Plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery.This issue affects Developer Tools Blocker: from n/a through = 3.2.1...
WordPress Developer Tools Blocker Plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Developer Tools Blocker versions = 3.2.1...
WordPress plugin Developer Tools Blocker 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-36157
Name of the Vulnerable Software and Affected Versions: SwiftNinjaPro Developer Tools Blocker versions through 3.2.1 Description: The software contains a Cross-Site Request Forgery CSRF flaw. This allows attackers to perform actions on behalf of an authenticated user without their knowledge...
CVE-2025-41057
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/richtexteditor...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the page parameter in /apprain/developer/addons. An attacker can execute arbitrary scripts in the context of the authenticated user's browser by crafting malicious input. Details Cross-site scripting or XSS ...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input on the /apprain/developer/addons/update/960grid endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/commonresource endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/dialogs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/uploadify endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.
...
HCL Compass 安全漏洞
HCL Compass is a low-code change management software from HCL India. Managing the full range of testing activities and integration with developer tools. HCL Compass suffers from a security vulnerability that stems from could lead to unauthorized access to the database by an attacker...