18 matches found
Craft CMS Security Vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to Craft CMS 4.17.0-beta.1 and 5.9.0-beta.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation during the creation of entries, allowing large amounts of values t...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the authorId parameter during the entry creation. An attacker can assign authorship of new entries to...
CVE-2026-2023 WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation
The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...
WordPress WP Plugin Info Card plugin <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability
Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability discovered by Duong Quang Hao in WordPress Plugin WP Plugin Info Card versions <= 6.2.0...
CVE-2025-34318 IPFire < v2.29 Stored XSS via DNS Creation (proxy.cgi)
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...
EUVD-2017-15070
Malware in sbrugna...
CVE-2025-51482
creationtimestamp | type | source
---|---|---
2025-07-22 18:56:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lul6nbngu227
2025-08-01 03:00:09+00:00 | published-proof-of-concept | Telegram/y7-RpDrmSuXhLcSTuW0R9s09Quezx-GrdrSmzgmffhhoeQ
2025-10-26 21:02:29+00:00 | seen | ...
CVE-2025-38232 NFSD: fix race between nfsd registration and exports_proc
In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry at start of init_nfsd and cleanup by remove_proc_entry at last of exit_nfsd. Which causes kernel OOPs if there is race between below...
SUSE CVE-2025-21999
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...
CVE-2024-10834
eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...
CVE-2024-54129
creationtimestamp | type | source
---|---|---
2024-12-05 15:21:46+00:00 | seen | https://infosec.exchange/users/cve/statuses/113600895756889464
2024-12-05 17:52:10+00:00 | seen | https://t.me/cvedetector/12112
...
CVE-2022-29489
CVE-2022-29489 describes a CSRF vulnerability in the WordPress Sucuri Security plugin (versions
CVE-2022-26210
creationtimestamp | type | source
---|---|---
2022-03-16 01:20:01+00:00 | seen | https://t.me/cibsecurity/38990
2022-04-02 18:51:58+00:00 | seen | https://t.me/NeKaspersky/2069
2022-04-04 16:37:00+00:00 | seen | https://t.me/truesecator/2804
2025-04-23 09:42:57+00:00 | seen | ...
Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting
The plugin does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed. PoC Add an Entry /wp-admin/admin.php?page=connectionsadd and put the following payload in the Address Li...
ProjectWorlds College Management System Cross-Site Request Forgery Vulnerability
ProjectWorlds College Management System is a college management system. ProjectWorlds College Management System is vulnerable to cross-site request forgery, which can be exploited by attackers to modify, delete student, faculty, teacher, subject, grade, location, and article data or create new...
aoblogger 2.3 create.php Unauthenticated Entry Creation
No description provided by source. source: http://www.securityfocus.com/bid/16286/info AOblogger is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...
CVE-2010-1498
creationtimestamp | type | source
---|---|---
2010-04-18 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/12280
...
[eVuln] aoblogger Multiple Vulnerabilities
New eVuln Advisory: aoblogger Multiple Vulnerabilities http://evuln.com/vulns/37/summary/bt/ --------------------Summary---------------- Software: aoblogger Software's Web Site: http://mikeheltonisawesome.com/ Versions: 2.3 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote...