Lucene search
K

10269 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:38 a.m.17 views

CVE-2006-1775

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...

4.3CVSS6AI score0.01328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.9 views

CVE-2023-45147

Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation...

4.9CVSS6.8AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.6 views

CVE-2023-31073

Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend – Post and User Profile Fields: from n/a through...

4.3CVSS8.5AI score0.00419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.6 views

CVE-2023-4469

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrfldsexportfile function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...

5.3CVSS5.3AI score0.00467EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.19 views

CVE-2025-40696

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'fullname', 'location' and 'message' parameters via POST at the endpoint '/ofrs/reporting.php'. This vulnerability could...

5.4CVSS5.5AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.4 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS6.7AI score0.00244EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.6 views

CVE-2024-34708

Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we...

4.9CVSS7AI score0.00757EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.8 views

CVE-2023-50256

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...

7.5CVSS6.7AI score0.00716EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.5 views

CVE-2023-31133

Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute...

7.5CVSS6.7AI score0.45713EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.5 views

CVE-2025-23430

Cross-Site Request Forgery CSRF vulnerability in Oren Yomtov Mass Custom Fields Manager mass-custom-fields-manager allows Reflected XSS.This issue affects Mass Custom Fields Manager: from n/a through = 1.5...

7.1CVSS7.2AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.8 views

CVE-2025-23822

Cross-Site Request Forgery CSRF vulnerability in alicornea Category Custom Fields categorycustomfields allows Cross Site Request Forgery.This issue affects Category Custom Fields: from n/a through = 1.0...

7.1CVSS7.2AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.11 views

CVE-2022-31112

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...

8.2CVSS6.5AI score0.01211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:35 a.m.22 views

CVE-2024-34761

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code 'Code Injection' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10...

8.5CVSS6.9AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.13 views

CVE-2024-34762

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....

9.9CVSS6.8AI score0.0059EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 5:25 a.m.9 views

Security Bulletin: Data Binding Validation Bypass in Spring Framework, affects watsonx.data

Summary There are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.6 6.1.0 - 6.1.19 6.0.0 - 6.0.27 5.3.0 - 5.3.42 Older, unsupported versions are also affected Mitigation Users of affected versions should...

5.3CVSS6.6AI score0.00631EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/01/08 6:15 p.m.4 views

CVE-2025-67825

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updat...

5.5CVSS5.8AI score0.00085EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/08 12:0 a.m.3 views

CVE-2025-67825

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updat...

6.2AI score0.00085EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/07 11:19 p.m.2 views

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS6.4AI score0.00244EPSS
Exploits1References2
CVE
CVE
added 2026/01/07 11:19 p.m.15 views

CVE-2026-21695

CVE-2026-21695 affects the open source time tracking software Titra. In versions ≤ 0.99.49, the API suffers a Mass Assignment vulnerability: the endpoint merges user-supplied input via the JavaScript spread operator into the database document (customfields), without validating which keys are perm...

4.3CVSS6.4AI score0.00244EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/01/07 11:19 p.m.30 views

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS0.00244EPSS
Exploits1References2
Rows per page
Query Builder