12 matches found
EUVD-2024-37702
Malicious code in bioql PyPI...
Server-Side Template Injection
solspace/craft-freeform is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper input handling: the submission title field in forms allows arbitrary code injection when edited by users with form editing access...
CVE-2025-52122
Summary: CVE-2025-52122 affects the Freeform CraftCMS plugin. Vulnerable versions: Freeform 5.0.0 up to (but not including) 5.10.16. Root cause: Server-side template injection (SSTI) in Freeform allows arbitrary code execution. Impact: All users with access to editing a form submission title ...
CVE-2024-28865
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...
CVE-2024-57548
CMSimple 5.16 allows the user to edit log.php file via print page...
CVE-2024-38833
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations...
CVE-2024-38832
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations...
PT-2024-8794 · VMware · VMware Aria Operations
Name of the Vulnerable Software and Affected Versions: VMware Aria Operations, affected versions not specified. Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to views may be able to inject malicious...
PT-2024-8792 · VMware · VMware Aria Operations
Name of the Vulnerable Software and Affected Versions: VMware Aria Operations, affected versions not specified. Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. This vulnerability can be exploited by a malicious actor with editing access to...
PT-2022-26232 · WordPress · Image Hover Effects Ultimate
Name of the Vulnerable Software and Affected Versions: Image Hover Effects Ultimate plugin for WordPress, versions 9.8.1 through 9.8.4. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in several values that can be added to ...
WP Page Builder < 1.2.4 - Insecure Default Configuration Allows Subscribers Editing Access to Posts
By default, the plugin allows subscriber-level users to edit and make changes to any and all posts and pages; user roles must be specifically blocked from editing posts and pages. A subscriber, upon registering an account with a site with the WP Pagebuilder plugin, could immediately modify or delete...
Fedora 17 : moodle-2.2.3-1.fc17 (2012-8284)
CVE-2012-2353 MSA-12-0024: Hidden information access issue; CVE-2012-2354 MSA-12-0025: Personal communication access issue; CVE-2012-2355 MSA-12-0026: Quiz capability issue; CVE-2012-2356 MSA-12-0027: Question bank capability issues; CVE-2012-2357 MSA-12-0028: Insecure authentication issue...