14 matches found
CVE-2026-12083 Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter
The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...
CVE-2026-12083
The CVE-2026-12083 issue affects the Admin and Site Enhancements (ASE) WordPress plugin and the admin-site-enhancements-pro plugin prior to version 8.8.4. The vulnerability arises from missing authentication, authorization, and nonce checks on a role-restoration request handler, enabling unauthen...
UBUNTU-CVE-2026-32762
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...
EUVD-2005-1175
Malware in sbrugna...
EUVD-2025-24946
Malicious code in bioql PyPI...
CVE-2025-8983
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expensefor leads to sql injection. The attack may be initiated remotely. The exploit...
CVE-2025-8983
The CVE-2025-8983 entry concerns itsourcecode Online Tour and Travel Management System 1.0. A SQL injection vulnerability exists in /admin/operations/expense.php via the expense_for parameter. Exploitation is possible remotely, and public exploits have been disclosed. Connected sources corroborat...
Meteor 安全漏洞
Meteor is a JavaScript application platform open-sourced by Meteor. A security vulnerability exists in Meteor 3.2.1 and earlier versions, which stems from an insufficient regular expression complexity due to an incorrect operation of the function Object.assign on the parameter forwardedFor in the...
WBCE CMS Access Control Error Vulnerability
WBCE CMS is an open source content management system CMS based on PHP and MySQL. WBCE CMS suffers from an Access Control Error vulnerability that stems from the increaseattempts function in the wbce/framework/class.login.php file in its Header Handler component not appropriately restricting too...
Project-Pier ProjectPier-Core Cross-Site Scripting Vulnerability
Project-Pier ProjectPier-Core is a free open source project management system. Multiple cross-site scripting vulnerabilities exist in Project-Pier ProjectPier-Core. A remote attacker can inject arbitrary web script or HTML by sending the 'searchfor' parameter to the searchbytag.php file,...
CVE-2017-15869
Cross-site scripting XSS vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter...
CVE-2017-15869
Cross-site scripting XSS vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter...
CVE-2005-1172
Cross-site scripting XSS vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter...
CVE-2005-1172
Cross-site scripting XSS vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter...