Lucene search
K

12 matches found

CVE
CVE
added 2025/12/15 12:0 a.m.9 views

CVE-2025-66436

Summary: CVE-2025-66436 is a Server-Side Template Injection (SSTI) in Frappe ERPNext up to version 15.89.0, in get_terms_and_conditions. The function renders attacker-controlled Jinja2 templates (terms) via frappe.render_template() with a user-supplied context (doc). Despite a custom SandboxedEnv...

4.3CVSS7.1AI score0.00289EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.4 views

ERPNext 安全漏洞

ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext 15.89.0 and earlier versions, which stems from the presence of server-side template injection in the gettermsandconditions method, which could lead to server-side code...

4.3CVSS7.6AI score0.00289EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/11/01 1:47 a.m.7 views

CVE-2025-11816 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.5.1 - Missing Authorization to Unauthenticated API Disconnect

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disconnectaccountrequest function in all versions up to, and including, 3.5.1. This makes i...

5.3CVSS0.00273EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/08 10:17 p.m.14 views

CVE-2025-43822

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

4.8CVSS5.8AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2025/09/18 10:15 a.m.45 views

CVE-2025-8565

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplpgdprinstallpluginajaxhandler function in all versions up to, and including, 3.4.3...

8.1CVSS0.00257EPSS
Exploits0References2
CVE
CVE
added 2025/09/18 9:31 a.m.23 views

CVE-2025-8565

CVE-2025-8565 affects the WordPress plugin Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WP Legal Pages. The vulnerability is a missing capability check in wplp_gdpr_install_plugin_ajax_handler() that exists in all versions up to and including 3.4.3. This allows authent...

8.1CVSS4.9AI score0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/18 9:31 a.m.4 views

CVE-2025-8565 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplpgdprinstallpluginajaxhandler function in all versions up to, and including, 3.4.3...

8.1CVSS4.8AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2025/03/27 10:55 a.m.38 views

CVE-2025-30866

CVE-2025-30866 – The Terms & Conditions Per Product plugin suffers a Missing Authorization flaw due to incorrectly configured access control. Affected Software: Terms & Conditions Per Product (from n/a up to 1.2.15). Underlying cause: improperly configured access control levels that allow unautho...

5.3CVSS7.2AI score0.00471EPSS
Exploits0References1
NVD
NVD
added 2023/11/22 8:15 p.m.19 views

CVE-2023-47824

Cross-Site Request Forgery CSRF vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin = 1.3.8 versions...

8.8CVSS0.00254EPSS
Exploits0References1
Prion
Prion
added 2023/11/22 8:15 p.m.21 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin = 1.3.8 versions...

6.8CVSS7.4AI score0.00254EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/02/07 4:15 p.m.11 views

CVE-2021-25106

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to...

5.4CVSS0.006EPSS
Exploits2References1
The Hacker News
The Hacker News
added 2012/01/06 2:50 p.m.6 views

Facebook 2012 Hacker Cup announced !

Facebook 2012 Hacker Cup announced Facebook today announced open registration for its second annual Hacker Cup, an annual algorithmic programming contest open to engineers from around the world. Programmers will be judged on accuracy and speed as they race to solve algorithmic problems to advance...

6.7AI score
Exploits0
Rows per page
Query Builder