Lucene search
K

30 matches found

Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.21 views

PT-2026-48698

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp ajax nopriv ftf get site info includes/Site Info.php that verified a nonce ftf-fediverse-embeds-nonce and then called file get html$site url on the...

5.3CVSS5.3AI score0.00229EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.12 views

PT-2026-41770

Summary The Pages backend module registers the html purify validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages Home::index → app/Views/templates/default/pages.php emits $pageInfo-content without esc, yielding...

8.7CVSS6.1AI score0.00062EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/08 2:30 p.m.5 views

CVE-2026-39392

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the htmlpurify validation rule to content fields during create and update operations, while the Blog...

5.5CVSS6AI score0.00247EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/04/06 5:53 p.m.3 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Company Information configuration fields, which are stored and later rendered on public-facing pages. An attacker can...

9CVSS6AI score0.00455EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/23 8:38 p.m.12 views

Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

Security Advisory — Page Content Retrieval Improper Authorization Summary An improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

7.5CVSS5.7AI score0.00268EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.5 views

CVE-2026-27744

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

9.8CVSS6.4AI score0.00908EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.10 views

PT-2026-21859

Name of the Vulnerable Software and Affected Versions SPIP tickets plugin versions prior to 4.3.3 Description The SPIP tickets plugin is affected by a remote code execution issue. An unauthenticated attacker can execute code on the web server through crafted content injection. The plugin appends...

9.8CVSS6.6AI score0.00908EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-24636

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00217EPSS
Exploits0References2
NVD
NVD
added 2025/08/13 3:15 p.m.3 views

CVE-2025-50690

A Cross-Site Scripting XSS vulnerability exists in SpatialReference.org OSGeo/spatialreference.org versions prior to 2025-05-17 commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491. The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a...

6.1CVSS0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/13 12:0 a.m.8 views

CVE-2025-50690

A Cross-Site Scripting XSS vulnerability exists in SpatialReference.org OSGeo/spatialreference.org versions prior to 2025-05-17 commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491. The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a...

0.00217EPSS
Exploits0References2
CVE
CVE
added 2025/08/13 12:0 a.m.12 views

CVE-2025-50690

CVE-2025-50690 describes a reflected XSS in SpatialReference.org (OSGeo/spatialreference.org). The issue arises from improper handling of user input in the search query parameter, enabling an unauthenticated attacker to craft a URL that reflects and executes arbitrary JavaScript in a victim’s bro...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:1 a.m.7 views

CVE-2024-6792

The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page...

3.5CVSS6.8AI score0.00355EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.9 views

CVE-2021-24226

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize$SERVER, which contains all environment variables. The leakage occurs on all public facing pages containing the...

7.5CVSS6.8AI score0.05404EPSS
Exploits2References1
OSV
OSV
added 2024/09/06 6:15 a.m.2 views

CVE-2024-6792

The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page...

3.5CVSS5.8AI score0.00355EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/09/06 12:0 a.m.6 views

WordPress plugin WP ULike 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

3.5CVSS6.7AI score0.00355EPSS
Exploits1References2
NVD
NVD
added 2024/04/04 5:15 p.m.14 views

CVE-2024-30263

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

7.7CVSS7.6AI score0.00548EPSS
Exploits0References2
OSV
OSV
added 2024/04/04 4:51 p.m.7 views

CVE-2024-30263 The PDF Viewer macro can be used to view PDF attachments with restricted access

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

7.7CVSS6.8AI score0.00548EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.6 views

PT-2024-23306 · Mozilla · Pdf.Js

Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.1 Description: The macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro by passing the attachment U...

7.7CVSS7.1AI score0.00548EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/03/06 6:15 p.m.30 views

CVE-2024-24761

Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to...

7.5CVSS7AI score0.00614EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/06 5:25 p.m.63 views

CVE-2024-24761 Galette public pages accessibility restriction

Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to...

7.5CVSS6.8AI score0.00614EPSS
Exploits0References2
Rows per page
Query Builder