18 matches found
CVE-2026-31381 Gainsight Assist plugin information disclosure
An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL...
CVE-2025-8676
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the getactiveplugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract...
CVE-2022-4164
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...
CVE-2019-17235
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure...
WordPress Hive Support plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by hunter85 in WordPress Plugin Hive Support (versions <= 1.2.10)...
CVE-2024-12250
The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in...
WordPress Plugin Information Reel SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2013-10024 Exit Strategy Plugin exitpage.php information disclosure
A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version...
IrfanView Buffer Error Vulnerability
IrfanView is an image viewer by the individual developer Irfan Skiljan from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A security vulnerability exists in IrfanView version 4.54, which stems from a user-mode write access conflict issue i...
CloudBees Jenkins Skytap Cloud CI Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Skytap Cloud CI Plugin is one of the plug-ins for...
CVE-2019-10344
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
jenkins: Information on installed plugins exposed via API (SECURITY-250)
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description: SECURITY-170 / CVE-2016-3721: Arbitrary build parameters are passed to build scripts as environment variables. SECURITY-243 / CVE-2016-3722: Malicious users with multiple user accounts can prevent other users from logging in. SECURITY-250 / CVE-2016-3723...
TikiWiki tiki-error.php XSS
The remote host is running TikiWiki, a content management system written in PHP. The version of this software running on the remote host has a cross-site scripting vulnerability in tiki-error.php. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL,...
Service Detection: 3 ASCII Digit Code Responses
This plugin is a complement of findservice1.nasl. It attempts to identify services that return 3 ASCII digits codes (ie: FTP, SMTP, NNTP, ...). (C) Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid14773; scriptversion"1.60"; scriptsetattributeattribute:"pluginmodificationdate"...
Solaris 8 (sparc) : 109887-18
SunOS 5.8: smartcard and usr/sbin/ocfserv patch. Date this patch was last updated by Sun : Nov/17/03 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; i...
Solaris 8 (sparc) : 110286-16
OpenWindows 3.6.2: Tooltalk patch. Date this patch was last updated by Sun : Jul/03/08 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Solaris 8 (sparc) : 109815-23
SunOS 5.8: se, acebus, pcf8574, pcf8591 and scsb patch. Date this patch was last updated by Sun : Jan/31/07 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...