Lucene search
K

68 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-12081

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator...

5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-12428

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS0.00285EPSS
Exploits0References8
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-12428 Blocks for ACF Fields <= 1.6.2 - Missing Authorization to Authenticated (Author+) Arbitrary ACF Field Value Disclosure via 'id' Parameter

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS0.00285EPSS
Exploits0References8
CVE
CVE
added 6 days ago10 views

CVE-2026-12428

The CVE concerns the WordPress plugin Blocks for ACF Fields (versions up to 1.6.2). A missing capability check on the REST endpoint /wp-json/acf-field-blocks/v1/values (get_all_values) allows unauthorized access to ACF field data. The permission_callback only verifies publish_posts, and the handl...

6.5CVSS6.1AI score0.00285EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:1 p.m.7 views

CVE-2026-47193

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/08 4:34 p.m.31 views

CVE-2026-43966

CVE-2026-43966 describes a HTTP Response Splitting flaw in the Erlang/cowlib component, where cow_http_struct_hd:escape_string/2 only escapes backslash and quote, allowing CRLF injection into structured HTTP header values. The mismatch between the encoder (allows any byte) and the parser (accepts...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.14 views

protobuf.js 代码注入漏洞

protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 and 8.0.2 of protobuf.js h...

8.8CVSS5.9AI score0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 7:38 p.m.18 views

CVE-2026-39857 Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...

5.3CVSS0.00435EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 7:38 p.m.3 views

CVE-2026-39857

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...

5.3CVSS5.8AI score0.00435EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.7 views

CVE-2025-69236

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.4CVSS5.9AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/16 3:30 p.m.7 views

EUVD-2025-208701

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.4CVSS5.8AI score0.00217EPSS
Exploits0References3
NVD
NVD
added 2026/03/16 2:18 p.m.4 views

CVE-2025-69237

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.4CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:18 p.m.5 views

CVE-2025-69236

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.4CVSS0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 11:53 a.m.2 views

CVE-2025-69237 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS5.8AI score0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:53 a.m.8 views

CVE-2025-69237

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References3
CVE
CVE
added 2026/03/16 11:53 a.m.11 views

CVE-2025-69237

CVE-2025-69237 concerns Raytha CMS, where a Stored XSS vulnerability exists in the page creation flow via FieldValues[0].Value. An authenticated attacker with content-creation permissions can inject arbitrary HTML/JS that is rendered on the edited page. The issue is fixed in version 1.4.6. The pr...

5.4CVSS5.8AI score0.00182EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:52 a.m.7 views

CVE-2025-69236

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/16 11:52 a.m.29 views

CVE-2025-69236 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.1CVSS0.00217EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 11:52 a.m.23 views

CVE-2025-69236

CVE-2025-69236 : Raytha CMS is affected by a Stored XSS in the post editing workflow, exploitable via the FieldValues[1].Value parameter. An authenticated attacker with post-edit permissions can inject arbitrary HTML/JS that is rendered when the edited page is viewed. The issue has a CVSS-based i...

5.4CVSS5.8AI score0.00217EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25690

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References2
Rows per page
Query Builder