
12 matches found

Cvelist
added 3 days ago, 23 views

CVE-2026-46698 Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/SiteInfo.php) that verified a nonce (ftf-fediverse-embeds-nonce) and then called file_get_html($siteurl) on the...

5.3 CVSS, 0.00042 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/05/09 3:35 a.m., 4 views

CVE-2026-42069 Kirby: Read access to site, user and role information is not gated by permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

7.1 CVSS, 5.7 AI score, 0.0003 EPSS
Exploits: 0, References: 3

CVE
added 2026/05/09 3:35 a.m., 7 views

CVE-2026-42069

CVE-2026-42069 (Kirby CMS) : Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information was not gated by permissions. The issue has been patched in Kirby 4.9.0 and 5.4.0; upgrade to those versions or later to fix the vulnerability. The problem enables unauthorized read acce...

7.1 CVSS, 5.7 AI score, 0.0003 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/05/09 3:35 a.m., 38 views

CVE-2026-42069 Kirby: Read access to site, user and role information is not gated by permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

7.1 CVSS, 0.0003 EPSS
Exploits: 0, References: 3

CVE
added 2026/02/05 4:13 p.m., 7 views

CVE-2020-37139

CVE-2020-37139 affects Odin Secure FTP Expert 7.6.3. The issue is a local denial-of-service vulnerability caused by a buffer overflow triggered by pasting 108 bytes of repeated characters into site information/connection fields, which crashes the application. Multiple connected sources corroborat...

8.4 CVSS, 5.7 AI score, 0.00009 EPSS
Exploits: 0, References: 3

Hacker One
added 2022/04/29 7:56 p.m., 33 views

Automattic: Site information's Display Name section vulnerable for XSS attacks and HTML Injections.

Summary: Hi, Greetings. I have found that site information's Display Name section on the try.pressable.com is vulnerable for potential XSS attacks and HTML Injections. Steps To Reproduce: 1. Visit https://try.pressable.com 2. Create a new site. 3. On the Display Name section, put the XSS / HTML...

0.6 AI score
Exploits: 0

Tenable Nessus
added 2020/06/17 12:00 a.m., 43 views

RHEL 6 : chromium-browser (RHSA-2020:2544)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2544 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 83.0.4103.97. Security Fixes:...

9.6 CVSS, 7.2 AI score, 0.42466 EPSS
Exploits: 13, References: 62

RedHat Linux
added 2020/06/15 12:55 p.m., 2 views

chromium-browser: Incorrect security UI in site information

Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name...

6.5 CVSS, 7.3 AI score, 0.00913 EPSS
Exploits: 0, References: 5

OSV
added 2019/02/06 6:13 p.m., 4 views

DRUPAL-CONTRIB-2019-014

Acquia Connector facilitates sending certain telemetry data to Acquia for the purposes of analysis. The module automates the collection of site information to speed support communication and issue resolution. It is required for use with the Acquia Insight service. The module does not properly...

6.4 AI score
Exploits: 0, References: 1

CNVD
added 2018/09/18 12:00 a.m., 2 views

UNL-CMS Cross-Site Request Forgery Vulnerability (CNVD-2018-19097)

UNL-CMS is a PHP-based content management system. A cross-site request forgery vulnerability exists in UNL-CMS version 7.59, which can be exploited by remote attackers to update the settings of a website with the help of the...

6.5 CVSS, 6.7 AI score, 0.00098 EPSS
Exploits: 1, References: 1

OSV
added 2018/09/15 9:29 p.m., 5 views

CVE-2018-17070

An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay...

6.5 CVSS, 5.8 AI score, 0.00098 EPSS
Exploits: 1, References: 1

NVD
added 2009/04/08 10:30 a.m., 13 views

CVE-2008-6673

asp/bslogin.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design...

7.5 CVSS, 6.8 AI score, 0.02624 EPSS
Exploits: 1, References: 4