165 matches found
CVE-2026-45443
CVE-2026-45443 affects the WordPress plugin PDF for Elementor Forms + Drag And Drop Template Builder (versions
WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Tran Tuan Dung domiee13 in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions <= 5.5.1...
CVE-2025-12803
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'btbbtabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2025-206897
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'btbbtabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-25486
CVE-2026-25486 : Craft Commerce (Craft CMS) versions 5.0.0–5.5.1 contain a stored XSS in the Shipping Methods Name field in Store Management, allowing an attacker with store settings/shipping permissions to execute malicious JavaScript in an administrator’s browser. The issue is fixed in version ...
CVE-2026-25482 Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...
Craft Commerce cross-site scripting vulnerability
Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions 5.0.0 to 5.5.1 of Craft Commerce contain a cross-site scripting vulnerability. This vulnerability arises from the transport method name field in the store management section not being properly...
CVE-2023-25032
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Print, PDF, Email by PrintFriendly plugin = 5.5.1 versions...
RuoYi-Vue-Plus security vulnerability
RuoYi-Vue-Plus is a development framework from the Chinese organization dromara. A security vulnerability exists in RuoYi-Vue-Plus 5.5.1 and earlier versions, which stems from unfiltered user input and could lead to arbitrary file reading and writing...
PT-2026-1867
Name of the Vulnerable Software and Affected Versions RuoYi-Vue-Plus versions 5.5.1 and earlier Description The snailjob component in RuoYi-Vue-Plus does not filter user input when executing QLExpress expressions through the /snail-job/workflow/check-node-expression API endpoint. This allows...
CVE-2025-66916
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...
WordPress BackWPup plugin 5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin BackWPup versions 5...
@avorati/strapi-plugin-preview (=1.0.1), @catchmexz/fedin-cms (>=5.30.1 <=5.30.2) +26 more potentially affected by CVE-2024-56143 via @strapi/core (>=5.0.0 <=5.5.1)
@strapi/core NPM version =5.0.0, =5.30.1, =1.0.0, =2.3.1, =2.0.2, =0.1.0, =2.0.0, =1.0.1, =5.0.0, =0.1.0, =0.2.0, =0.5.0 - cypherscan-strapi =0.1.1 - keycloak-auth-plugin =0.0.1 - my-shopify-app-backend =0.1.0 and more Source cves: CVE-2024-56143 Source advisory: OSV:GHSA-495J-H493-42Q2...
CVE-2024-56143 Strapi Allows Unauthorized Access to Private Fields via parms.lookup
Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset...
CVE-2024-56143
Strapi 5.0.0–5.5.1 is vulnerable due to improper sanitization of the document service lookup operator for private fields, enabling an attacker to access sensitive data (e.g., admin passwords, reset tokens). The issue is fixed in Strapi 5.5.2. Affected software, root cause, and impact are corrobor...
EUVD-2010-4997
Malware in sbrugna...
EUVD-2013-4957
Malware in sbrugna...
EUVD-2005-3714
Malware in sbrugna...
Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login
WatchTowr finds a serious flaw in Dell UnityVSA CVE-2025-36604 letting attackers run commands without login. Dell issues patch 5.5.1 - update now...
EUVD-2022-49566
Malicious code in bioql PyPI...