265 matches found

RedhatCVE
added 2025/05/23 4:45 a.m. · 9 views

CVE-2023-22740

Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the...

6.5 CVSS · 6.7 AI score · 0.00683 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 11:19 p.m. · 6 views

CVE-2022-37251

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts...

5.4 CVSS · 6.1 AI score · 0.00411 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:35 p.m. · 7 views

CVE-2021-43781

Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...

6.4 CVSS · 6.6 AI score · 0.00662 EPSS
Exploits 1

OSV
added 2025/04/10 12:25 p.m. · 2 views

GHSA-2JQJ-5QV2-XVCG ezsystems/ezplatform-richtext allows access to external entities in XML

Impact: This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity (XXE) injection, which might be able to read files on the server. To exploit this...

7.1 CVSS · 6.6 AI score
Exploits 0 · References 4

RedhatCVE
added 2025/04/07 12:20 a.m. · 20 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

8.1 CVSS · 6.5 AI score · 0.00216 EPSS
Exploits 0 · References 1

NVD
added 2025/04/05 9:15 p.m. · 32 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

8.1 CVSS · 0.00216 EPSS
Exploits 0 · References 1

OSV
added 2025/04/05 9:15 p.m. · 8 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

8.1 CVSS · 6.4 AI score
Exploits 0 · References 1

CNNVD
added 2025/04/05 12:0 a.m. · 4 views

Zammad security vulnerability

Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad versions prior to 6.4.2, which stems from an information disclosure that could lead to customers viewing and manipulating shared drafts...

8.1 CVSS · 6 AI score · 0.00216 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/04/05 12:0 a.m. · 10 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

4.2 CVSS · 6.5 AI score · 0.00216 EPSS
Exploits 0 · References 1

Cvelist
added 2025/04/05 12:0 a.m. · 27 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

4.2 CVSS · 0.00216 EPSS
Exploits 0 · References 1

CVE
added 2025/04/05 12:0 a.m. · 111 views

CVE-2025-32360

CVE-2025-32360 affects Zammad 6.4.x before 6.4.2, with information exposure allowing a logged-in customer to view details of shared article drafts for their tickets in the browser console and to manipulate them via the API. Root cause: exposure of draft details intended only for agents. Impact: p...

8.1 CVSS · 6.5 AI score · 0.00216 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2025/01/30 2:15 p.m. · 39 views

CVE-2024-8494

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

6.5 CVSS · 0.00297 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/12/21 12:0 a.m. · 3 views

PT-2024-16556 · WordPress · Full Screen Menu For Elementor

Name of the Vulnerable Software and Affected Versions: Full Screen Menu for Elementor plugin for WordPress versions up to, and including, 1.0.7 Description: The Full Screen Menu for Elementor plugin for WordPress has an Information Exposure issue due to insufficient restrictions on which posts ca...

4.3 CVSS · 9.4 AI score · 0.00295 EPSS
Exploits 0 · References 7

OSV
added 2024/11/21 11:15 a.m. · 3 views

CVE-2024-10696

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...

4.3 CVSS · 5.8 AI score · 0.00484 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/11/11 12:0 a.m. · 5 views

PT-2024-16471 · WordPress · Futurio Extra

Name of the Vulnerable Software and Affected Versions: Futurio Extra plugin for WordPress versions up to, and including, 2.0.13 Description: The issue concerns Information Exposure via the elementor-template shortcode due to insufficient restrictions on which posts can be included. This allows...

4.3 CVSS · 9.4 AI score · 0.003 EPSS
Exploits 0 · References 11

OSV
added 2024/11/09 5:15 a.m. · 3 views

CVE-2024-10770

The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

4.3 CVSS · 5.8 AI score · 0.003 EPSS
Exploits 0 · References 2

OSV
added 2024/10/24 9:15 a.m. · 5 views

CVE-2024-10050

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfetemplate shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft...

4.3 CVSS · 5.8 AI score · 0.00471 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/08/28 12:0 a.m. · 3 views

PT-2024-38334 · WordPress · The Post Grid

Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress versions up to, and including, 7.7.11 Description: The issue allows authenticated attackers with contributor-level access and above to extract...

4.3 CVSS · 6.3 AI score · 0.00495 EPSS
Exploits 0 · References 12

NVD
added 2024/07/18 9:15 p.m. · 48 views

CVE-2024-6455

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability check on the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to view any item created in Elementor,...

5.3 CVSS · 0.00396 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/07/17 12:0 a.m. · 5 views

PT-2024-28007 · Nato · Nato Nci Anet

Name of the Vulnerable Software and Affected Versions: NATO NCI ANET version 3.4.1 Description: The issue allows for Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user. Recommendations: For NATO NCI ANET version 3.4.1...

8.1 CVSS · 7.2 AI score · 0.00407 EPSS
Exploits 1 · References 5