Pi-Hole Adminlte security vulnerability
Pi-Hole Adminlte is a control panel used for collecting more data. Versions of Pi-Hole Adminlte from 6.0 to 6.5 had security vulnerabilities. These vulnerabilities stemmed from a reflection-based DOM cross-site scripting vulnerability in the taillog.js library, which could allow unauthenticated...
coral-server security vulnerability
Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the connection proxy by SSE endpoints, which could allo...
CVE-2024-3287
The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the savesettings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...
CVE-2024-10268
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...
WordPress plugin SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Privilege Escalation
Firefox is vulnerable to privilege escalation. The vulnerability is due to the unauthorized injection of an event handler into a privileged object, leading to arbitrary JavaScript execution in the parent process...
CVE-2023-5126 Delete Me <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugindeleteme' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Privilege Escalation
Keycloak is vulnerable to privilege escalation. The realm management interface permits unauthorised setting up of scripts via the policy, allowing an attacker to inject and execute a malicious script with the permissions of the application user...
HotExBilling Manager 73 Cross Site Scripting
Title: HotExBilling Manager Cross-site scripting XSS vulnerability. Credit: Name: Bhadresh Patel; Company/affiliation: HelpAG; Website: www.helpag.com. CVE: CVE-2015-2781. Date: 12-03-2015 (dd/mm/yyyy). Vendor: Hotspot Express has been in the billing solution business sinc...