25 matches found
CVE-2026-1543
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-1543 Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2018-14860
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system...
CVE-2025-62982
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...
EUVD-2025-35963
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...
CVE-2025-62982
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...
CVE-2025-62982
CVE-2025-62982 : WordPress plugin Dynamic User Directory (<= v2.3) contains a stored XSS flaw due to improper input neutralization during page generation. Wordfence corroborates the CVE and notes the issue affects Dynamic User Directory
CVE-2025-62982 WordPress Dynamic User Directory plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...
CVE-2025-62982 WordPress Dynamic User Directory plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...
PT-2025-43854
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...
WordPress plugin Dynamic User Directory 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
WordPress Dynamic User Directory plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jin Yub in WordPress Plugin Dynamic User Directory versions = 2.3...
EUVD-2018-6742
Malware in sbrugna...
Exploit for SQL Injection in Mayurik Best_Salon_Management_System
CVE-2025-6860 Exploit Tool A proof‑of‑concept command‑line to...
UBUNTU-CVE-2024-26822
In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the...
SUSE CVE-2019-3843
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially...
GHSA-9V72-P5P3-9W65 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in ra...
Insider Risks In the Work-From-Home World
The employee who exfiltrated data after being fired. The employees who exposed 250 million customer records. The employee who stole trade secrets to get a leg up in his next job because hey, after all, it’s “his” work that he’s taking, right? Those are our traditional notions of insider risk and...
systemd: services with DynamicUser can create SUID/SGID binaries
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially...
systemd: services with DynamicUser can get new privileges and create SGID binaries
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow a cooperating process to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to...