21 matches found
CVE-2025-14853
The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...
CVE-2025-14853
The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...
PT-2026-3224
The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the display settings page function. This makes it possible for unauthenticated attackers to modify plugin settings vi...
WordPress plugin LEAV Last Email Address Validator has a cross-site request forgery vulnerability.
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-14164
The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...
EUVD-2025-204631
The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...
CVE-2025-14164
The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...
CVE-2025-14164 Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update
The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...
EUVD-2008-1485
Malware in sbrugna...
CVE-2025-38030
Removed by vendor...
Realme GT 2 Information Disclosure Vulnerability
Realme GT 2 is a smartphone from the Chinese company Realme. The Realme GT 2 RMX3311 suffers from a security vulnerability that originates from physical proximity. Attackers may be able to gain access to sensitive information through the display-only app settings feature...
PT-2024-3608 · Cacti · Cacti
Name of the Vulnerable Software and Affected Versions: Cacti versions 1.3.x Description: A reflected cross-site scripting issue in Cacti allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This is related to the lack of measures to...
NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
Description The plugin does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks 1. Create a gallery and upload an image. 2. Add the NextGEN Gallery block to a page and click Edit. Select the Gallery creat...
Workspace app for ios default display settings
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. What is the default setting for Workspace app for iOS on iPhones? Display settings are not all the...
September 12, 2017—KB4038783 (OS Build 10586.1106)
September 12, 2017—KB4038783 OS Build 10586.1106 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updates to Internet Explorer 11’s navigation bar with search box. Addressed issue in Intern...
Algolia: Stored XSS from Display Settings triggered on Save and viewing realtime search demo
Here are the steps to trigger the XSS: 1. Create a JSON record that will contain the following attribute: "": "XSS attribute" 2. Go to Indices - Display and select the attribute under Attributes for Faceting and click save. 3. Note that XSS is triggered multiple times on that page. 4. XSS is now...
Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read
Exploit for linux platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=745 We have identified the following crash due to an invalid read in Foxit PDF Reader version 1.0.1.0925 for Linux 64-bit, when started with a specially crafted PDF file in the...
Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=745 We have identified the following crash due to an invalid read in Foxit PDF Reader version 1.0.1.0925 for Linux 64-bit, when started with a specially crafted PDF file in the following way: $ DISPLAY=:1 FoxitReader...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings...
CVE-2015-4392
CVE-2015-4392 describes an XSS vulnerability in the Drupal Display Suite module for version 7.x-2.7. The issue allows remote authenticated users to inject arbitrary script/HTML via field display settings. The root cause is improper sanitization in Display Suite 7.x-2.7. Mitigation: upgrade to Dis...