6235 matches found
Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts...
GHSA-9589-MQ83-F749 Mattermost Server is vulnerable to DoS through maliciously crafted posts
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...
Mattermost Server is vulnerable to Uncontrolled Resource Consumption
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang...
GHSA-FFCC-QR2V-3QMV Mattermost Server is vulnerable to Uncontrolled Resource Consumption
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang...
WordPress Auto Delete Posts plugin <= 1.3.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Auto Delete Posts plugin versions <= 1.3.0. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary,...
Publify Access Control Error Vulnerability
Publify is a simple but full-featured web publishing software. An access control error vulnerability exists in versions of Publify prior to 9.2.9, which stems from incorrect access control. An attacker could exploit this vulnerability to allow an unprivileged user to modify/delete an administrator...
CVE-2022-28948
creationtimestamp | type | source
---|---|---
2022-05-20 00:29:56+00:00 | seen | https://t.me/cibsecurity/43011
2025-04-24 14:08:41+00:00 | seen | https://bsky.app/profile/stefanprodan.com/post/3lnkv2n3bis2i
2025-04-25 02:15:19+00:00 | seen | https://bsky.app/profile/pmloik.bsky.social/post/3lnm5nxrhxs2r
...
Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection
The plugin does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. 1. Go to the All Export New Export screen in the WordPress admin. 2. Now click on Specific Post Type Posts. 3. Click now on Migrate Posts an...
Canvs Canvas Cross-site Scripting (XSS) via title and content fields
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts Add New" action, and during creation of new tags and users...
GHSA-3657-Q433-MMPX Canvs Canvas Cross-site Scripting (XSS) via title and content fields
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts Add New" action, and during creation of new tags and users...
EC-CUBE Easy Blog for EC-CUBE4 Cross-Site Request Forgery Vulnerability
EC-CUBE Easy Blog for EC-CUBE4 is a component of the content management system from EC-CUBE Japan. EC-CUBE Easy Blog for EC-CUBE4 1.0.1 and earlier versions are vulnerable to cross-site request forgery, which stems from insufficient authentication of the source of HTTP requests. A remote,...
Moodle Portfolio forum caller class allows a user to download any file
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...
GHSA-VXMV-74RF-VQGP Moodle Portfolio forum caller class allows a user to download any file
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...
GeniXCMS SQL injection vulnerability
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php...
CVE-2022-30378
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/viewpost&id=...
October CMS - RainLab Blog Plugin XSS
The RainLab Blog Plugin used in October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...
GHSA-96MH-7XPR-QCGW October CMS - RainLab Blog Plugin XSS
The RainLab Blog Plugin used in October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...
Moodle Cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read...
GHSA-R867-V437-4RRM Moodle Cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read...
EC-CUBE Easy Blog for EC-CUBE4 Cross-Site Request Forgery Vulnerability
EC-CUBE Easy Blog for EC-CUBE4 is a component of the content management system from EC-CUBE Japan. EC-CUBE Easy Blog for EC-CUBE4 1.0.1 and earlier versions are vulnerable to cross-site request forgery, which stems from insufficient authentication of the source of HTTP requests. A remote,...