36051 matches found
CVE-2025-58468
A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...
CVE-2025-58468
CVE-2025-58468—Notification Center describes a cross-site request forgery (CSRF) vulnerability that could allow remote attackers to gain privileges or hijack user identities. The advisory states the issue is fixed in Notification Center version 1.10.0.3291 and later. From the connected records, n...
EUVD-2025-210096
A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...
PT-2026-48355
A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...
CVE-2026-42973 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2026-42973 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability
...
Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...
Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...
Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-34033
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...
CVE-2026-34033 Apache Answer: HTML Content Injection in Email
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...
CVE-2026-34033
CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...
SureForms <= 1.13.1 - Sensitive Information Exposure
SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...
CVE-2026-8902
The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...
CVE-2026-8902 AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update
The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...
CVE-2026-6242
An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...
CVE-2025-48648
In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...