25 matches found
WordPress LeadConnector plugin < 3.0.22 - Unauthenticated Rest Call vulnerability
Unauthenticated Rest Call vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin LeadConnector versions 3.0.22...
CVE-2026-1890 LeadConnector < 3.0.22 - Unauthenticated Rest Call
The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...
EUVD-2017-18888
Malware in sbrugna...
EUVD-2022-42720
Malicious code in bioql PyPI...
CVE-2025-2075
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...
EUVD-2025-9708
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...
CVE-2022-3333
A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible ...
CVE-2022-3333 Zephyr Project Manager REST Call cross site scripting
A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible ...
CVE-2022-3333
CVE-2022-3333 affects Zephyr Project Manager up to 3.2.4. The issue resides in the REST Call Handler’s file /v1/tasks/create/, where manipulation of the onanimationstart argument enables cross-site scripting. The vulnerability can be triggered remotely, implying network-accessible exploitation. A...
PT-2022-21772 · Unknown · Zephyr Project Manager
Name of the Vulnerable Software and Affected Versions: Zephyr Project Manager versions up to 3.2.4. Description: A problematic issue was found in the REST Call Handler component, affecting an unknown function of the file /v1/tasks/create/. The manipulation of the onanimationstart argument leads to...
CVE-2022-36090
CVE-2022-36090 affects XWiki Platform Old Core. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources, including the REST service, did not properly check for inactive (not yet activated or disabled) users, allowing a disabled user to enable themselves via REST and potentially perform actions o...
GHSA-9G2J-5685-H44H Apache Ambari SSRF Vulnerability
Server-side request forgery (SSRF) vulnerability in the proxy endpoint api/v1/proxy in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call...
Description of the security update for SharePoint Server 2019: November 12, 2019
Summary: This security update resolves an information disclosure vulnerability that exists in Microsoft SharePoint if an attacker uploads a specially crafted file to the SharePoint Server. To learn more about the...
Disabling SAML override in Confluence Data Center doesn't work
Issue Summary: Disabling SAML override in Confluence DC, to ensure no users can log in to Confluence via SAML/SSO only, still allows users to use default login URL and access the instance with local credentials. Steps to Reproduce: Configure Confluence DC with SAML/SSO steps not covered her...
CentOS 7 : pcs (CESA-2018:1060)
An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Important: pcs
Issue Overview: Debug parameter removal bypass, allowing information disclosure. It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use...
CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
Important: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...