19 matches found
CVE-2026-52702
CVE-2026-52702 affects the WordPress plugin “SEO Redirection” (versions ≤ 9.17). The vulnerability is an unauthenticated Cross Site Scripting (XSS) flaw reported in multiple sources. The connected documents identify the affected product and version range and confirm an XSS impact but do not provi...
CVE-2026-52702 WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...
CVE-2026-52702 WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...
PT-2026-49524
Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...
CVE-2024-50620
Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...
CVE-2024-50618
A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. When the system is configured to allow login with internal accounts, an attacker can possibly obtain full authentication if the...
CVE-2024-50619
Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account...
CVE-2024-50617
Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...
CIPPlanner CIPAce 安全漏洞
CIPPlanner CIPAce is a business process automation and application development platform provided by the American company CIPPlanner. Versions of CIPPlanner CIPAce prior to version 9.17 contained security vulnerabilities. These vulnerabilities stemmed from the use of single-factor authentication i...
PT-2026-7655
Name of the Vulnerable Software and Affected Versions CIPPlanner CIPAce versions prior to 9.17 Description A weakness exists in the Authentication component of CIPPlanner CIPAce that allows attackers to bypass a security measure. Specifically, the system’s reliance on single-factor authentication...
CVE-2024-51769
An information disclosure vulnerability exists in HPE AutoPass License Server APLS prior to 9.17...
CVE-2024-51767
An authentication bypass vulnerability exists in HPE AutoPass License Server APLS prior to 9.17...
CVE-2024-51768
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server APLS prior to 9.17...
WordPress Category Posts Widget < 4.9.17- Admin+ Stored XSS vulnerability
WordPress Category Posts Widget 4.9.17- Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Category Posts Widget versions 4.9.17...
CVE-2024-5817
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability...
PT-2024-5352 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.3 Argo CD versions prior to 2.10.12 Argo CD versions prior to 2.9.17 Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate...
WordPress Essential Addons for Elementor plugin <= 5.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Essential Addons for Elementor versions = 5.9.17...
GHSA-WHPJ-8F3W-67P5 vm2 Sandbox Escape vulnerability
A sandbox escape vulnerability exists in vm2 for versions up to 3.9.17. It abuses an unexpected creation of a host object based on the specification of Proxy. Impact A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. Patches Thi...
Joomla! access control error vulnerability (CNVD-2020-25676)
Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. An Access Control Error vulnerability exists in Joomla! versions prior to 3.9.17 that stems from an incorrect ACL check and can be exploited by an...