806 matches found
Orange Forum 1.4.0 - Open Redirect
Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-14474 info: nam...
@c0va23/react-router-dev (=7.8.3-alpha.2), @holocron.so/cli (>=0.6.0 <=0.16.0) +15 more potentially affected by CVE-2026-23870 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.24)
@vitejs/plugin-rsc NPM version =0.4.11, =0.6.0, =0.5.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-experimental-2a6c7bc, =0.0.0-pr-32412-sha-4e0feb24, =1.0.2, =0.1.0, =0.0.1, =1.18.0-rsc.19, =0.1.0, =0.0.1-alpha.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-23870 Source advisory:...
Security-Team---Workspace-
🛡️ Security Team Workspace El primer framework de cibersegur...
EUVD-2026-19855
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...
CVE-2026-1808
The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplusbutton shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1808
The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplusbutton shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1808 Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplusbutton shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1808
The CVE-2026-1808 entry concerns the Orange Confort+ accessibility toolbar for WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the style parameter of the ocplus_button shortcode in all versions up to 0.7 due to insufficient input sanitization and output escaping. Exploitatio...
CVE-2026-1808 Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplusbutton shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it...
EUVD-2026-5613
The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplusbutton shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it...
WordPress Orange Confort+ accessibility toolbar for WordPress plugin <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Orange Comfort+ accessibility toolbar for WordPress versions = 0.7...
PT-2026-6680
Name of the Vulnerable Software and Affected Versions Orange Confort+ accessibility toolbar for WordPress plugin versions prior to 0.7 Description The Orange Confort+ accessibility toolbar for WordPress plugin is susceptible to Stored Cross-Site Scripting. This is due to insufficient input...
WordPress plugin Orange Confort+ 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Badges, Bytes and Blackmail
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification ...
CVE-2018-18375
goform/getProfileList in Orange AirBox Y858FL01.1604 allows attackers to extract APN data name, number, username, and password via the rand parameter...
CVE-2018-18377
goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...
Malicious code in curved-orange-thrush (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39ef8856f41d66e8d2bfd6b417060f717f920ce163201c6db6b71acdd9ab6f04 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117216
Malicious code in nasty-orange-frog npm...
EUVD-2025-117149
Malicious code in puny-orange-baboon npm...
Malicious code in grotesque-orange-junglefowl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa6ab74ab7d8e00ba82151c88cd9af57b2afdc6fe6f0e2aa0e17c14e037533f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...