CVE-2026-20746
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust the Java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values...
WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...
CVE-2026-20746 PingDirectory copying of virtual attributes leads to memory exhaustion
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust the Java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values...
CVE-2026-20746
PingDirectory (Ping Identity) is affected; copying virtual attributes that reference ds-privilege-name values can exhaust the Java heap when recent login history is enabled. The root cause is in virtual attribute handling within affected PingDirectory versions, enabling only authorized users to t...
PT-2026-48819
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust the Java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values...
USN-8315-1 mediawiki vulnerabilities
It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated attacker could use this issue to determine if other users had two-factor authentication enabled. CVE-2026-34087 It was discovered that MediaWiki incorrectly handled...
CVE-2026-34088 RecentChanges entries expose suppressed content via generated log page html
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34088
CVE-2026-34088 (MediaWiki) is a disclosed exposure vulnerability affecting MediaWiki versions before 1.43.7, 1.44.4, and 1.45.2. The connected sources confirm a broad vulnerability family in MediaWiki leading to information disclosure to unauthorized actors. Debian’s advisory DSA-6208-1 notes mul...
WordPress Carousel, Recent Post Slider and Banner Slider plugin <= 2.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Spice Post Slider versions <= 2.1...
WordPress Post List Designer – Category Post, Recent Post, Post List plugin <= 3.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Posts List Designer by Category – List Category Posts Or Recent Posts versions <= 3.3.7...
CVE-2018-25309
MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...
CVE-2018-25309 MyBB Recent threads 17.0 Persistent Cross-Site Scripting
MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...
EUVD-2018-21830
MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...
CVE-2018-25309
CVE-2018-25309 affects MyBB 17.0 Recent Threads. It is a persistent XSS in the thread subject that lets attackers inject scripts to execute in the browsers of users viewing the index page. The root cause is crafted subject lines containing script tags, enabling arbitrary JavaScript execution in a...
MyBB Recent threads Cross-Site Scripting Vulnerability
MyBB Recent threads is a plugin provided by MyBB Corporation that displays the latest topic lists on forums. Version 17.0 of MyBB Recent threads contains a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting, allowing attackers to inject malicious...
PT-2026-35992
Name of the Vulnerable Software and Affected Versions MyBB Recent threads version 17.0 Description A persistent cross-site scripting issue allows attackers to inject malicious scripts by creating threads with crafted subject lines. By using script tags in the subject parameter, an attacker can...
CVE-2026-4106 HT Mega < 3.0.7 – Unauthenticated PII Disclosure
The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...
CVE-2026-4106
The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...
HP Color LaserJet Exposure of Sensitive Information to an Unauthorized Actor (CVE-2005-2988)
HP LaserJet 2430, and possibly other printers that use Jetdirect controls, stores information about recently printed documents without proper protection, which could allow remote attackers to obtain sensitive information via SNMP. This plugin only works with Tenable.ot. Please visit...
WordPress WP Responsive Recent Post Slider/Carousel plugin <= 3.7.1 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin WP Responsive Recent Post Slider/Carousel versions <= 3.7.1...