6701 matches found
WP BASE Booking - Reflected XSS
WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...
WordPress TS Poll < 2.4.0 - SQL Injection
WordPress TS Poll plugin 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges. id: CVE-2024-8625 info: name: WordPress TS Poll 2.4.0 - SQL...
MetInfo CMS <= 8.1 - Remote Code Execution
MetInfo CMS 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability caused by insufficient input neutralization in the execution path, letting remote attackers execute arbitrary code remotely, exploit requires crafted requests. id: CVE-2026-29014 info: name: MetInfo CMS = 8....
PublishPress Capabilities < 2.3.1 - Missing Authorization
The PublishPress Capabilities plugin for WordPress before 2.3.1 does not have proper authorization and CSRF checks when updating settings via the init hook, allowing unauthenticated attackers to update arbitrary blog options, such as setting the default role to administrator. id: CVE-2021-25032...
Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
WordPress Job Portal < 2.0.6 - SQL Injection
The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or...
WordPress Download Manager - File Password Exposure
The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint. id: CVE-2023-6421 info: name: WordPress Download Manager - File Password Exposure...
CodiMD <2.5.4 - Insecure Filename Randomization
CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...
FasterXML jackson-databind - Deserialization Remote Code Execution
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap. This vulnerability allows attackers to execute arbitrary code through deserialization of...
WordPress JoomSport <5.2.8 - SQL Injection
WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operation...
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Spring Data REST 2.6.9 and 3.0.1, Spring Boot 1.5.9 and 2.0 M6 contain a remote code execution caused by processing malicious PATCH requests with crafted JSON data, letting attackers execute arbitrary Java code, exploit requires sending malicious PATCH requests. id: CVE-2017-8046 info: name: Spri...
FoxCMS v.1.2.5 - Remote Code Execution
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. id: CVE-2025-29306 info: name: FoxCMS v.1.2.5 - Remote Code Execution author: ritikchaddha severity: critical description: | An issue in FoxCMS v.1.2.5 allows a...
SolarWinds Web Help Desk - Authentication Bypass
SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions. id: CVE-2025-40552 info: name: SolarWinds Web Help Desk - Authentication Bypass...
Flowise - Remote Code Execution
Flowise 3.0.5 contains a remote code execution vulnerability caused by unsafe evaluation of user input in the CustomMCP node's convertToValidJSONString function, letting remote attackers execute arbitrary code with full Node.js privileges, exploit requires user input to be processed by the...
Important: Red Hat Security Advisory: kernel update
Please update Please update...
Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2026-38488)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-38488 advisory. 21.1.3-20.3 - CVE fix for: CVE-2026-55999 Resolves: https://redhat.atlassian.net/browse/RHEL-191516 Tenable has extracted the preceding description block...
Fedora 43 : xorg-x11-server-Xwayland (2026-6a00d3109f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6a00d3109f advisory. Update to xwayland 24.1.13, fixes for: CVE-2026-55999, CVE-2026-56000 Tenable has extracted the preceding description block directly from the Fedora...
Fedora 44 : xorg-x11-server (2026-28b7854014)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-28b7854014 advisory. Update to xserver 21.1.24, fixes for: CVE-2026-55999, CVE-2025-56000 Tenable has extracted the preceding description block directly from the Fedora...
MiracleLinux 9 : nginx-1.20.1-28.el9_8.2.ML.1 (AXSA:2026-1233:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-1233:04 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...
Fedora 44 : pam (2026-377015b34b)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-377015b34b advisory. pamuserdb: fix password comparison timing leak Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...