
41 matches found

Positive Technologies
added 2026/05/08 12:0 a.m. | 7 views

PT-2026-38831

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

CVSS 9.1 | AI score 5.8 | EPSS 0.00553
Exploits: 0 | References: 5

OSV
added 2026/05/07 2:50 p.m. | 2 views

JLSEC-2026-461 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in...

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...

CVSS 5.3 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 7

NVD
added 2026/04/09 9:16 p.m. | 5 views

CVE-2023-54363

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, typeid, distance, facilities, categories, prices, location, and Itemid. Attackers can...

CVSS 6.1 | EPSS 0.00095
Exploits: 0 | References: 4

CNNVD
added 2026/04/09 12:0 a.m. | 4 views

Joomla Solidres cross-site scripting vulnerability

Joomla Solidres is an open-source extension for hotel booking and room status management by Solidres. Version 2.13.3 of Joomla Solidres contains a cross-site scripting vulnerability. This vulnerability arises from improper handling of multiple GET parameters, which may lead to reflective cross-si...

CVSS 6.1 | AI score 5.6 | EPSS 0.00095
Exploits: 0 | References: 4

CNNVD
added 2026/03/25 12:0 a.m. | 4 views

n8n code injection vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 contained a code injection vulnerability. This vulnerability stemmed from insufficient SQL pattern restrictions in the Merge node, which could lead to remote code...

CVSS 9.4 | AI score 6.4 | EPSS 0.0008
Exploits: 0 | References: 2

CNNVD
added 2026/03/25 12:0 a.m. | 5 views

n8n cross-site scripting vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.27, 2.13.3, and 2.14.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the absence of binary data endpoint response headers, which could lead to cross-site...

CVSS 9 | AI score 5.6 | EPSS 0.0005
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/25 12:0 a.m. | 2 views

PT-2026-28080

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.26; n8n versions prior to 2.13.3; n8n versions prior to 2.14.1. Description: n8n is a workflow automation platform susceptible to a SQL injection issue in the Data Table Get node. An authenticated user with appropriate...

CVSS 9.9 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 6

CNNVD
added 2026/03/25 12:0 a.m. | 5 views

n8n SQL injection vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 have a SQL injection vulnerability. This vulnerability stems from the Data Table Get node, which may lead to data modification or deletion...

CVSS 8.8 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 2

CNNVD
added 2026/03/25 12:0 a.m. | 5 views

n8n injection vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.27, 2.13.3, and 2.14.1 contained injection vulnerabilities. These vulnerabilities stemmed from defects in the LDAP node filter escaping logic, which could allow attackers to manipulate filter...

CVSS 6.3 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/18 12:0 a.m. | 2 views

Debian dsa-6168 : freetype2-demos - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6168 advisory. Debian Security Advisory DSA-6168-1 [email protected] https://www.debian.org/security/ Moritz...

CVSS 5.3 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 4

EUVD
added 2026/03/02 4:9 p.m. | 1 views

EUVD-2026-9195

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...

CVSS 5.3 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/02 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read...

CVSS 5.3 | AI score 7.3 | EPSS 0.00017
Exploits: 0 | References: 3

Patchstack
added 2026/02/11 11:30 p.m. | 3 views

WordPress OpenPix plugin <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset vulnerability

Subscriber+ Payment Gateway Settings Reset vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan in WordPress Plugin OpenPix versions <= 2.13.3...

CVSS 6.5 | AI score 5.5 | EPSS 0.00013
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/12/19 12:0 a.m. | 2 views

websitebaker cross-site scripting vulnerability

websitebaker is a PHP-based content management system organized by WebsiteBaker. Its features include a template-based front-end interface, paging support, multi-user management, and more. A cross-site scripting vulnerability exists in websitebaker version 2.13.3, which stems from a stored...

CVSS 5.4 | AI score 6.1 | EPSS 0.00024
Exploits: 1 | References: 4

RedhatCVE
added 2025/12/17 6:2 p.m. | 4 views

CVE-2023-53902

WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside t...

CVSS 7 | AI score 6.9 | EPSS 0.00706
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/16 5:3 p.m. | 2 views

CVE-2023-53903 WebsiteBaker 2.13.3 Stored Cross-Site Scripting via SVG File Upload

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...

CVSS 5.4 | AI score 5.8 | EPSS 0.00024
Exploits: 1 | References: 3

CVE
added 2025/12/16 5:3 p.m. | 8 views

CVE-2023-53903

Summary: CVE-2023-53903 affects WebsiteBaker 2.13.3 with a stored cross-site scripting (XSS) vulnerability. Authenticated users can upload SVG files containing embedded JavaScript; the script executes when the file is viewed, enabling persistent XSS. Affected component: WebsiteBaker 2.13.3, vulne...

CVSS 5.4 | AI score 5.8 | EPSS 0.00024
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/12/16 5:3 p.m. | 29 views

CVE-2023-53903 WebsiteBaker 2.13.3 Stored Cross-Site Scripting via SVG File Upload

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...

CVSS 5.4 | EPSS 0.00024
Exploits: 1 | References: 3

CNNVD
added 2025/12/16 12:0 a.m. | 3 views

websitebaker security vulnerability

websitebaker is a PHP-based content management system for individual developers. Its features include template-based front-end interface, paging support, multi-user management, etc. WebsiteBaker 2.13.3 has a security vulnerability that originates from a directory traversal vulnerability. A securi...

CVSS 7 | AI score 6.8 | EPSS 0.00706
Exploits: 1 | References: 3

EUVD
added 2025/12/15 2:25 p.m. | 1 views

EUVD-2025-203368

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addimagestogallerycallback function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, wit...

CVSS 4.3 | AI score 4.8 | EPSS 0.00036
Exploits: 0 | References: 3