Lucene search
K

618 matches found

NVD
NVD
added 2026/07/08 1:16 a.m.9 views

CVE-2026-56843

Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This result...

9.9CVSS0.00364EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 12:15 a.m.38 views

CVE-2026-56843

Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This result...

9.9CVSS0.00364EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 12:15 a.m.17 views

CVE-2026-56843

WebPros Plesk (XML-RPC API) prior to 18.0.78.4 has an incorrect authorization flaw that lets a low-privileged, authenticated user look up domains they do not own. Ownership checks apply only to some lookup filters, and legacy protocol versions bypass schema validation, enabling cross-tenant discl...

9.9CVSS6AI score0.00364EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 12:15 a.m.8 views

EUVD-2026-42144

Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This result...

9.9CVSS6AI score0.00364EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56285

Name of the Vulnerable Software and Affected Versions WebPros Plesk versions prior to 18.0.78.4 Description Incorrect authorization in the XML-RPC API allows a low-privileged authenticated customer to look up domains they do not own. This occurs because ownership is enforced only for specific...

9.9CVSS6AI score0.00364EPSS
Exploits0References10
NVD
NVD
added 2026/07/06 6:16 p.m.7 views

CVE-2026-48614

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS0.0033EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 4:46 p.m.4 views

EUVD-2026-41892

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.0033EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 4:46 p.m.32 views

CVE-2026-48614

The CVE-2026-48614 vector affects the Plesk XML API. An improper authorization flaw allows an authenticated user to inject arbitrary configuration directives, enabling arbitrary file writes as root and full privilege escalation on the underlying server. The available sources describe the impact a...

9.9CVSS6.1AI score0.0033EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:46 p.m.6 views

CVE-2026-48614

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.0033EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55960

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.0033EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

9.9CVSS5.9AI score0.00686EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 4:16 p.m.14 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

9.9CVSS0.00686EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 3:41 p.m.36 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

9.9CVSS0.00686EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:41 p.m.14 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

9.9CVSS6.1AI score0.00686EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/29 3:41 p.m.78 views

CVE-2026-44962

Plesk: XPath injection in the APS Application Catalog search allows authenticated, low-privileged users to cause local privilege escalation by interpolating unsanitized input into XPath queries. Affected: Plesk APS Catalog search component. Root cause: inadequate input sanitization for XPath. Imp...

9.9CVSS6.1AI score0.00686EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 3:41 p.m.11 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

9.9CVSS6.1AI score0.00686EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 3:41 p.m.12 views

EUVD-2026-33344

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

9.9CVSS6.1AI score0.00686EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44902

Name of the Vulnerable Software and Affected Versions Plesk versions prior to 18.0.75.1 Plesk versions prior to 18.0.76.2 Description An XPath injection issue exists in the APS Application Catalog search functionality. This occurs because user-supplied input is interpolated into XPath queries...

9.9CVSS5.9AI score0.00686EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Plesk 安全漏洞

Plesk is a web hosting control panel developed by the Swiss company Plesk. There is a security vulnerability in Plesk, which stems from XPath injection in the APS application directory search function. User input that is not properly cleaned and directly inserted into the XPath query could allow...

9.9CVSS6.1AI score0.00686EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.7 views

CVE-2023-43784

Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...

7.5CVSS6.9AI score0.00473EPSS
Exploits0References1
Rows per page
Query Builder