Lucene search
K

8 matches found

NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.10 views

PT-2026-29663

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^d+.d+.d+.d+$/. This only...

5CVSS5.8AI score0.00213EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/09/16 8:40 a.m.25 views

CVE-2022-2913 Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen...

5AI score0.0057EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/22 12:0 a.m.832 views

Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass

The plugin doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. Set HTTPCLIENTIP, HTTPXFORWARDEDFOR or any other header in LoginNoCaptcha::getipaddress which is then checked against the whitelist and...

4.3CVSS0.6AI score0.0057EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2022/01/03 12:49 p.m.8 views

CVE-2021-24964 LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if...

6.1AI score0.01216EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/11/30 12:0 a.m.65 views

LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS

The plugin does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then ...

6.1CVSS0.2AI score0.01216EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/11/30 12:0 a.m.57 views

LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS

The plugin does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then ...

6.1CVSS6.1AI score0.01216EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2021/11/30 12:0 a.m.63 views

WordPress LiteSpeed Cache plugin <= 4.4.3 - IP Check Bypass to Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

IP Check Bypass to Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Emil Kylander in WordPress LiteSpeed Cache plugin versions = 4.4.3. Solution Update the WordPress LiteSpeed Cache plugin to the latest available version at least 4.4.4...

6.1CVSS2.2AI score0.01216EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder