Lucene search
K

8 matches found

CVE
CVE
added 2026/04/15 3:17 p.m.21 views

CVE-2026-20205

Summary: CVE-2026-20205 affects Splunk MCP Server app versions below 1.0.3. A user with access to the Splunk _internal index** or with the high-privilege capability mcp_tool_admin can view users’ sessions and authorization tokens in clear text. The vulnerability requires either local access to lo...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2025/07/07 5:48 p.m.35 views

CVE-2025-20325

Summary: CVE-2025-20325 affects Splunk Enterprise <9.4.3, <9.3.5, <9.2.7, <9.1.10 and Splunk Cloud Platform <9.3.2411.103, <9.3.2408.113,

5.3CVSS6.4AI score0.0031EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/09/13 3:15 p.m.7 views

CVE-2024-8732

The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6AI score0.00392EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/09/13 6:27 a.m.7 views

WordPress Roles & Capabilities plugin <= 1.1.9 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Roles & Capabilities versions = 1.1.9...

6.1CVSS6.3AI score0.00392EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.7 views

PT-2024-39211 · WordPress · Roles & Capabilities

Name of the Vulnerable Software and Affected Versions: Roles & Capabilities plugin for WordPress versions up to, and including, 1.1.9 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows...

6.1CVSS6.5AI score0.00392EPSS
Exploits0References9
0day.today
0day.today
added 2015/08/27 12:0 a.m.57 views

WordPress YouTube Embed 3.3.2 Cross Site Scripting Vulnerability

WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability. Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium;...

3.5CVSS5.9AI score0.01277EPSS
Exploits2
Packet Storm
Packet Storm
added 2015/08/26 12:0 a.m.56 views

WordPress YouTube Embed 3.3.2 Cross Site Scripting

Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N Description ================ A stored XSS vulnerability in YouTube Embed 3.3.2 and...

3.5CVSS6.7AI score0.01277EPSS
Exploits2
Packet Storm
Packet Storm
added 2015/01/12 12:0 a.m.49 views

WordPress Pods 2.4.3 CSRF / Cross Site Scripting

Vulnerability title: Wordpress plugin Pods alert'xss' target="http://localhost"; for i=0; i'; CSRF 2 delete pods plugin data: CSRF 3 deactivate pods and delete data: CSRF 4 enable "roles and capab...

6.8CVSS0.1AI score0.02041EPSS
Exploits3
Rows per page
Query Builder