9 matches found
WordPress Simple History – Track, Log, and Audit WordPress Changes plugin <= 5.26.0 - Authenticated (Subscriber+) Account Takeover vulnerability
Authenticated Subscriber+ Account Takeover vulnerability discovered by lhking in WordPress Plugin Simple History versions = 5.26.0...
CVE-2026-7459 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint
The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...
EUVD-2024-1815
Malicious code in bioql PyPI...
CVE-2024-35180
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...
CVE-2024-35180
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...
CVE-2024-35180 OMERO.web JSONP callback vulnerability
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...
CVE-2024-35180 OMERO.web JSONP callback vulnerability
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...
CVE-2024-35180 OMERO.web JSONP callback vulnerability
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...
CVE-2024-35180
CVE-2024-35180 affects OMERO.web and arises from lack of escaping/validation of the JSONP callback parameter on endpoints with JSONP enabled. The vulnerability can be triggered via the callback parameter used by JSONP-enabled endpoints (e.g., webclient/imgData/...); this issue existed in OMERO.we...