1395 matches found
CVE-2025-9622 WP Blast | SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing
The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on multiple administrative actions in the Settings class. This makes it possible for...
CVE-2025-56404
An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation...
CVE-2025-56404
An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation...
PT-2025-37024
Name of the Vulnerable Software and Affected Versions: Maspik – Ultimate Spam Protection plugin for WordPress versions through 2.5.6 Description: The Maspik – Ultimate Spam Protection plugin for WordPress is susceptible to a Cross-Site Request Forgery issue. This is due to insufficient or incorre...
Linux Distros Unpatched Vulnerability : CVE-2023-2848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. CVE-2023-2848 Not...
GHSA-RF24-WG77-GQ7W listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover
Summary Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...
CVE-2025-42929 Missing input validation vulnerability in SAP Landscape Transformation Replication Server
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database...
PT-2025-36549
Name of the Vulnerable Software and Affected Versions: SAP ABAP Reports affected versions not specified Description: Due to missing input validation in ABAP reports, an attacker with high privilege access could delete the content of arbitrary database tables if the tables are not protected by an...
GHSA-HJFH-P8F5-24WR Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Summary The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their privileges to owner-level. Details When creating or updating OAuth...
CVE-2025-41057
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/richtexteditor...
CVE-2025-9515 Multi Step Form <= 1.7.25 - Authenticated (Admin+) Arbitrary File Upload
The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...
CVE-2025-30199
ECOVACS vacuum robot base stations are described as not validating firmware updates and operating over an insecure Wi‑Fi link with a deterministic WPA2‑PSK key that can be derived from the device serial number. This enables potential malicious over‑the‑air updates or code execution through the up...
Online Shopping Portal File Upload Vulnerability
Online Shopping Portal is an online store. A file upload vulnerability exists in Online Shopping Portal, which stems from a lack of extension validation in /admin/insert-product.php, and can be exploited by an attacker to cause arbitrary file uploads...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is rendered directly on error pages without validation or sanitization. An attacker can display misleading messages within the trusted user interface by crafting...
Complaint Management System SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the cid parameter of /complaint-details.php. An attacker can exploit this vulnerabili...
CVE-2025-41055
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/dialogs...
CVE-2025-41043
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAppReportCodeid' and 'dataAppReportCodename' parameters in /apprain/appreport/manage/...
CVE-2025-41052 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/canvasjs...
CVE-2025-41042
appRain CMF 4.0.5 is affected by a stored authenticated XSS in /apprain/information/manage/emailtemplate/add due to insufficient validation of input in data[Option][message], data[Option][subject], and data[Option][templatetype]. Impact cited includes cookie-based credential theft; exploitation s...
CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...