29 matches found
SUSE CVE-2026-31801
zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot's dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...
CVE-2026-31801 zot create-only policy allows overwrite attempts of existing latest tag (update permission not required)
zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...
PT-2026-24461
Name of the Vulnerable Software and Affected Versions zot versions 1.3.0 through 2.1.14 Description zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. The dist-spec authorization middleware incorrectly infers the required action for PUT...
CVE-2025-67583
Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through = 2.1.15...
CVE-2025-67583
Missing Authorization vulnerability in ThemeAtelier IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through = 2.1.15...
CVE-2025-12877 IDonate – Blood Donation, Request And Donor Management System <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the pandingbloodrequestaction function in all versions up to, and including, 2.1.15. This makes it possible for...
CVE-2025-13058
A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as...
CVE-2025-13058
CVE-2025-13058 affects soerennb eXtplorer up to version 2.1.15. The vulnerability lies in an unknown function in the Filename Handler component, enabling cross-site scripting. The description notes remote exploitability. A patch is available: 002def70b985f7012586df2c44368845bf405ab3, and applying...
PT-2025-46703
Name of the Vulnerable Software and Affected Versions soerennb eXtplorer versions through 2.1.15 Description A security flaw exists in soerennb eXtplorer, potentially leading to cross site scripting. The issue resides within an unknown function of the Filename Handler component and can be exploit...
CVE-2025-10124
The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted...
CVE-2025-46812
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...
CVE-2025-46812
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...
CVE-2025-46812
CVE-2025-46812 affects the Trix rich-text editor. Versions before 2.1.15 are vulnerable to XSS when pasting malicious content, enabling execution of arbitrary JavaScript in the user session; this could lead to unauthorized actions or data disclosure. The issue is patched in version 2.1.15. Remedi...
CVE-2025-46812 Trix vulnerable to Cross-site Scripting on copy & paste
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...
CVE-2025-24621 WordPress Arconix Shortcodes plugin <= 2.1.15 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arconix Shortcodes: from n/a through = 2.1.15...
CVE-2020-27514
CVE-2020-27514 affects ZrLog 2.1.15; the vulnerability is a directory traversal in the admin.api.TemplateController deletion function due to inadequate path validation, enabling remote attackers to delete arbitrary files and cause DoS. No patch/version remediation details are provided in the conn...
Yatra < 2.1.15 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2023-1999 · Extplorer · Extplorer
Name of the Vulnerable Software and Affected Versions: eXtplorer version 2.1.15 Description: The issue is related to insecure permissions in the eXtplorer file manager, which can be exploited by a remote attacker to execute arbitrary code via the "index.php" component. This vulnerability is...
SUSE CVE-2011-4181
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 for 2.1 and before version 2.3...
Cross site request forgery (csrf)
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...