56 matches found

NVD
added 2026/04/08 9:16 a.m. · 0 views

CVE-2026-39572

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data. This issue affects Bus Ticket Booking with Seat Reservation: from n/...

CVSS 4.3 · EPSS 0.00035
Exploits: 0 · References: 1
CNNVD
added 2026/04/08 12:0 a.m. · 4 views

WordPress plugin Bus Ticket Booking with Seat Reservation security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVSS 4.3 · AI score 5.8 · EPSS 0.00035
Exploits: 0 · References: 1
OSV
added 2025/11/25 8:48 p.m. · 1 views

GHSA-68Q5-78XP-CWWC Contao is vulnerable to cross-site scripting in templates

Impact: It is possible to inject code into the template output that will be executed in the browser in the front end and back end. Patches: Update to Contao 4.13.57, 5.3.42 or 5.6.5. Workarounds: Do not use the affected templates or patch them manually. Refsources...

CVSS 3.3 · AI score 7 · EPSS 0.0002
Exploits: 0 · References: 4
CVE
added 2025/11/25 7:6 p.m. · 5 views

CVE-2025-65961

Contao CMS vulnerability CVE-2025-65961 enables cross-site scripting via template output in affected templates. Affected versions: 4.0.0–4.13.57, 5.0–before 5.3.42, and before 5.6.5. Root cause: injection of code into template output executed in both front-end and back-end browsers. Mitigation/Re...

CVSS 4.8 · AI score 6.6 · EPSS 0.0002
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/11/25 7:6 p.m. · 1 views

CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...

CVSS 3.3 · AI score 6.6 · EPSS 0.0002
Exploits: 0 · References: 2
OSV
added 2025/11/25 6:54 p.m. · 1 views

CVE-2025-65960 Contao is vulnerable to remote code execution in template closures

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...

CVSS 6.6 · AI score 7.2 · EPSS 0.0002
Exploits: 0 · References: 4
CVE
added 2025/11/25 6:54 p.m. · 19 views

CVE-2025-65960

The CVE-2025-65960 vulnerability affects Contao CMS prior to versions 4.13.57, 5.3.42, and 5.6.5. It exploits insufficient input handling in the Template::once() method within template closures, allowing backend users with content-control privileges to execute arbitrary PHP functions that lack re...

CVSS 6.6 · AI score 6.9 · EPSS 0.0002
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2025/11/25 12:0 a.m. · 1 views

Contao security vulnerability

Contao is an open source content management system (CMS) developed in PHP by Contao Open Source. The system supports search engines, rights management and CSS frameworks. A security vulnerability exists in Contao versions 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, which stems from...

CVSS 4.8 · AI score 7.2 · EPSS 0.0002
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2020-4956

Malware in sbrugna...

CVSS 7.8 · AI score 6.7 · EPSS 0.0004
Exploits: 0 · References: 21
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-17290

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.5 · EPSS 0.00041
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/25 4:27 p.m. · 3 views

CVE-2025-24539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Reflected XSS. This issue affects DeBounce Email Validator: from n/a through <= 5.6.5...

CVSS 7.1 · AI score 5.9 · EPSS 0.00219
Exploits: 0 · References: 1
CNNVD
added 2025/04/17 12:0 a.m. · 2 views

WordPress plugin DeBounce Email Validator cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.1 · AI score 6.1 · EPSS 0.00219
Exploits: 0 · References: 1
Cvelist
added 2025/02/25 2:17 p.m. · 14 views

CVE-2025-26971 WordPress Poll Maker <= 5.6.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through <= 5.6.5...

CVSS 7.6 · EPSS 0.00079
Exploits: 0 · References: 1
CNNVD
added 2024/11/23 12:0 a.m. · 1 views

WordPress plugin DeBounce Email Validator cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.1 · AI score 7.7 · EPSS 0.0071
Exploits: 0 · References: 2
CNNVD
added 2024/08/29 12:0 a.m. · 1 views

wolfSSL security vulnerability

wolfSSL (CyaSSL) is a small, portable embedded SSL programming library from the US company wolfSSL, intended for embedded systems developers. A security vulnerability exists in wolfSSL versions prior to 5.6.5, which can be exploited by an attacker to obtain the sub-cache line resolution of each...

CVSS 5.5 · AI score 6.6 · EPSS 0.00041
Exploits: 0 · References: 2
OSV
added 2024/07/18 9:15 a.m. · 0 views

CVE-2024-5555

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social-link-title’ parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and...

CVSS 6.4 · AI score 6 · EPSS 0.00446
Exploits: 0 · References: 3
Positive Technologies
added 2024/07/18 12:0 a.m. · 1 views

PT-2024-36549 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.5 Description: The issue is related to Stored Cross-Site Scripting via the social-link-title parameter due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.9 · EPSS 0.00446
Exploits: 0 · References: 8
OSV
added 2024/06/15 12:0 a.m. · 20 views

OPENSUSE-SU-2024:12592-1 ruby3.1-rubygem-puma-5-5.6.5-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-puma-5-5.6.5-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.1 · AI score 7.3 · EPSS 0.01782
Exploits: 0 · References: 5
Positive Technologies
added 2022/11/30 12:0 a.m. · 3 views

PT-2022-15754 · Snyk · Snyk-Python-Plugin +7

Name of the Vulnerable Software and Affected Versions: snyk versions prior to 1.1064.0; snyk-mvn-plugin versions prior to 2.31.3; snyk-gradle-plugin versions prior to 3.24.5; @snyk/snyk-cocoapods-plugin versions prior to 2.5.3; snyk-sbt-plugin versions prior to 2.16.2; snyk-python-plugin versions prio...

CVSS 6.3 · AI score 6.9 · EPSS 0.04668
Exploits: 1 · References: 21
OpenVAS
added 2021/09/09 12:0 a.m. · 13 views

WordPress Multiple Vulnerabilities (Sep 2021) - Windows

WordPress is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.6 · AI score 5.4 · EPSS 0.01767
Exploits: 0 · References: 1