CVE-2025-14755

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

PT-2026-39919

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

Injection in Crowd Data Center and Server

This is a vulnerability in a non-Atlassian Crowd dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability known as CVE-2025-9287 was introduced in versions 1.0.4, 6.2.4, 7.0.0, and 7.1.0 of Crowd Data Cente...

CVE-2024-22179

The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change...

WordPress Responsive Poll plugin <= 1.3.2 - Unauthenticated Manipulation With Polls (delete, clone, or view a hidden poll) vulnerability

Unauthenticated Manipulation With Polls delete, clone, or view a hidden poll vulnerability discovered by pak0s in WordPress Responsive Poll plugin versions = 1.3.2. Solution Update the WordPress Responsive Poll plugin to the latest available version at least 1.3.4...

Cross site scripting

In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting XSS vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service passwor...

CVE-2019-8346

In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting XSS vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service passwor...

BrightSign Digital Signage - Multiple Vulnerablities

Exploit for hardware platform in category web applications Exploit Title: BrightSign Digital Signage Multiple Vulnerabilities Date: 12/15/17 Exploit Author: email protected Vectors: XSS, Directory Traversal, File Modification, Information Leakage The BrightSign Digital Signage 4k242 device Firmwa...