CVE-2025-10740

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, wi...

Zammad 安全漏洞

Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad version 5.2.1, which stems from a fine-grained permission model that allows configuring read-only access to work orders, however, agents are still able to incorrectly perform...

CVE-2016-2784

CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting XSS attacks via a crafted HTTP Host header in a request...

CVE-2016-2784

CMS Made Simple is vulnerable to a cache-poisoning/XSS issue when Smarty Cache is active. A remote attacker can craft the Host header to poison the web server cache and modify links, potentially enabling XSS. Affected are CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2. Exploitation has be...