CVE-2026-5121 affecting package libarchive for versions less than 3.7.7-6

CVE-2026-5121 affecting package libarchive for versions less than 3.7.7-6. A patched version of the package is available...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the mcajaxmcjsaction function. An attacker can access sensitive event data from other sub-sites or cause a denial of service by sending crafted requests to the unauthenticated endpoin...

CVE-2026-40308

CVE-2026-40308 - My Calendar (WordPress) plugin : Affected versions are 3.7.6 and earlier. The mc_ajax_mcjs_action AJAX endpoint, exposed to unauthenticated users, passes user-supplied arguments through parse_str() without validation, enabling injection of arbitrary parameters including a site va...

EUVD-2026-23306

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

PT-2026-33370

Name of the Vulnerable Software and Affected Versions My Calendar versions prior to 3.7.7 Description An unauthenticated issue exists in the 'mc ajax mcjs action' AJAX endpoint, which is registered for unauthenticated users. The endpoint passes user-supplied arguments through the parse str functi...

CVE-2026-4816

A Reflected Cross Site Scripting XSS vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This...

CVE-2026-4816

A Reflected Cross Site Scripting XSS vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This...

CVE-2026-4815

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...

CVE-2026-4816

A Reflected Cross Site Scripting XSS vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This...

Support Board 跨站脚本漏洞

Support Board is a sales chat software developed by the British company Support Board. Version 3.7.7 of Support Board contains a cross-site scripting vulnerability, which stems from incorrect handling of the parameter 'search' in the file /supportboard/include/articles.php. This vulnerability may...

Support Board SQL注入漏洞

Support Board is a sales chat software developed by the British company Support Board. Version 3.7.7 of Support Board contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter calls0messageids in the file /supportboard/include/ajax.php, which may...

CVE-2026-32428

The CVE affects WordPress Popup Like box plugin

WordPress plugin Popup Like box 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Popup Like box plugin <= 3.7.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Popup Like box versions = 3.7.7...

CVE-2025-60753 affecting package libarchive for versions less than 3.7.7-4

CVE-2025-60753 affecting package libarchive for versions less than 3.7.7-4. A patched version of the package is available...

CVE-2025-67923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through = 3.7.7...

CVE-2025-67923 WordPress JetEngine plugin <= 3.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through = 3.7.7...

WordPress plugin JetEngine has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

MiracleLinux 7 : libarchive-3.1.2-14.0.2.el7.AXS7 (AXSA:2025-10751:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10751:03 advisory. CVE-2025-25724: fix buffer overflow vulnerability in libarchive CVEs: CVE-2025-25724 listitemverbose in tar/util.c in libarchive through 3.7.7 does not chec...

CVE-2023-4726

The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...