69 matches found
CVE-2026-5506
The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wave shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2026-5506
The CVE-2026-5506 entry concerns the WordPress Wavr plugin (versions up to 0.2.6). The vulnerability is a Stored Cross-Site Scripting flaw via the plugin's wave shortcode attributes stemming from insufficient input sanitization and output escaping. The impact allows authenticated attackers with c...
CVE-2026-5506 Wavr <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wave shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
WordPress Wavr plugin <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Wavr versions <= 0.2.6...
CVE-2025-67298
An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...
PT-2026-24682
CVE-2025-67298 - High. An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile https://t.co/8wYmHccMqd https://t.co/YPBYyDSyrj...
HSEC-2025-0007 cmark-gfm: resource exhaustion due to quadratic complexity in parser
cmark-gfm: resource exhaustion due to quadratic complexity in parser cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service, due to...
EUVD-2006-3241
Malware in sbrugna...
EUVD-2018-4081
Malware in sbrugna...
EUVD-2019-0574
Malware in sbrugna...
EUVD-2025-14324
Malicious code in bioql PyPI...
CVE-2025-60177 WordPress Recaptcha – wp Plugin <= 0.2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp recaptcha-wp allows Stored XSS. This issue affects Recaptcha – wp: from n/a through <= 0.2.6...
CVE-2025-60177
CVE-2025-60177 describes a Stored XSS in the Recaptcha – wp WordPress plugin. Affected: Recaptcha – wp from n/a through 0.2.6. Root cause: improper neutralization of input during web page generation. Impact per CVSS: Confidentiality/Integrity/Availability Low, but attacker requires High privilege...
PT-2025-39615
Name of the Vulnerable Software and Affected Versions: rozx Recaptcha – wp versions through 0.2.6. Description: The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-Site Scripting (XSS). This means that malicious scripts can be...
Linux Distros Unpatched Vulnerability : CVE-2025-46717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine...
Linux Distros Unpatched Vulnerability : CVE-2025-46718
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges e.g. execution of a single...
@custom-lib/design-system (>=0.1.0 <=0.1.4) potentially affected by unknown CVE via @react-native-aria/separator (=0.2.6)
@react-native-aria/separator NPM version =0.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/separator and may be impacted: - @custom-lib/design-system >=0.1.0, <=0.1.4. Source cves: unknown CVE. Source advisory: OSV:MAL-2025-4787...
DEBIAN-CVE-2025-46718
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...