ROOT-APP-NPM-CVE-2026-44580 CVE-2026-44580 in @rootio/next - Patched by Root

Root has patched CVE-2026-44580 in the @rootio/next package for Root:npm. Multiple fixed versions available...

Next.js Framework 13.x < 15.5.16 / 16.x < 16.2.5 XSS

The Next.js Framework on the remote host is affected by a cross-site scripting vulnerability: - Applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before...

CVE-2026-44580

creationtimestamp| type| source ---|---|--- 2026-05-11 06:42:58+00:00| published-proof-of-concept| https://t.me/htfgtps/1107...

PT-2026-39417

Name of the Vulnerable Software and Affected Versions Next.js versions 12.2.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description An external client can send an x-nextjs-data header on a request to a path handled by middleware that returns a redirect. This causes the middleware or...

PT-2026-39418

Name of the Vulnerable Software and Affected Versions Next.js versions 14.2.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using React Server Components RSC are susceptible to cache poisoning when shared caches fail to correctly partition response variants. An...

PT-2026-39412

Name of the Vulnerable Software and Affected Versions Next.js versions 13.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using beforeInteractive scripts combined with untrusted content are susceptible to cross-site scripting XSS, a flaw where malicious scripts...

PT-2026-39411

Name of the Vulnerable Software and Affected Versions Next.js versions prior to 15.5.16 Next.js versions prior to 16.2.5 Description Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A crafted POST request to a server action can...

CVE-2022-44580

creationtimestamp| type| source ---|---|--- 2023-03-15 17:24:55+00:00| seen| https://t.me/cibsecurity/60056...

CVE-2022-44580

SQL Injection SQLi vulnerability in RichPlugins Plugin for Google Reviews plugin = 2.2.3 versions...

CVE-2022-44580

The CVE-2022-44580 entry concerns a SQL Injection in the RichPlugins Plugin for Google Reviews plugin, affecting versions

CVE-2022-44580 WordPress Plugin for Google Reviews Plugin <= 2.2.3 is vulnerable to SQL Injection

SQL Injection SQLi vulnerability in RichPlugins Plugin for Google Reviews plugin = 2.2.3 versions...

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)

In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly...

WordPress Plugin for Google Reviews Plugin <= 2.2.3 is vulnerable to SQL Injection

Software Plugin for Google Reviews Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.2.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-44580 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID 5131a96c12f6 Credits Rafie Muhammad Patchstack Required...

dictionarist.com XSS vulnerability

Vulnerable URL: http://www.dictionarist.com/?word=" onfocus="alert'OPENBUGBOUNTY'" Details: Description| Value ---|--- Patched:| Yes, at 24.11.2017 Latest check for patch:| 24.11.2017 11:18 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 44580 VIP website status...