CVE-2025-11451
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aalajaxunitloading' REST API endpoint. This makes it possible for unauthenticated attackers to read the content...
SUSE CVE-2025-62714
Karmada Dashboard is a general-purpose, web-based control panel for Karmada, which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret, /api/v1/service) did not...
VulnCheck KEV: CVE-2025-11749
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract th...
EUVD-2025-37421
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...
CVE-2025-12038 Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...
Malicious code in react-web-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c4085854cc31bff9ffd272cf1faf16a2cbe3d67d700b330ef7d21108bdd0f05e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36849
Malicious code in react-web-api npm...
Malicious Package
Overview react-web-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-49038 Malicious code in react-web-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c4085854cc31bff9ffd272cf1faf16a2cbe3d67d700b330ef7d21108bdd0f05e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-34133
Wimi Teamwork versions prior to 7.38.17 contain a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrftoken' without validating the field’s value; only the presence of the field is checked. An attacker can craf...
Cross-site Scripting (XSS)
org.apache.geode:geode-web-api is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the web API REST interface, which allows an attacker to inject malicious scripts and execute arbitrary code on the returned page, potentially leading to...
WordPress SureForms plugin information disclosure vulnerability
The WordPress SureForms plugin is a visual form builder plugin for WordPress that supports drag-and-drop operation and lets users without a programming background quickly build responsive forms. An information disclosure vulnerability exists in the WordPress SureForms plugin, which stems from improper access...
CVE-2024-44088
Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...
EUVD-2024-55032
Apache Geode web-api is vulnerable to Cross-site Scripting...
GHSA-W595-4975-GM3H Apache Geode web-api is vulnerable to Cross-site Scripting
Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...
CVE-2024-44088 Apache Geode: Reflected XSS
Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...
CVE-2024-44088
Apache Geode web-api (REST) is affected by a Cross-site Scripting (XSS) vulnerability that can be exploited when a logged-in user is tricked into clicking a crafted link, potentially enabling code execution on the victim page and leading to session information theft or account takeover. All Geode...