65 matches found
CVE-2026-41489
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid path from this config...
CVE-2026-41489 Pi-hole: Local privilege escalation via config-controlled path in root-executed service hooks
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid path from this config...
PT-2026-39836
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid path from this config...
PT-2026-37240
Name of the Vulnerable Software and Affected Versions: Pi-hole FTL versions prior to 6.6.1. Description: The dns.interface configuration field in Pi-hole FTL accepts newline characters without validation, which allows an attacker to inject arbitrary directives into the generated dnsmasq configuratio...
GHSA-848J-6MX2-7J84 Elliptic Uses a Cryptographic Primitive with a Risky Implementation
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979, https://datatracker.ietf.org/doc/html/rfc6979) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...
EUVD-2019-17148
Malware in sbrugna...
EUVD-2021-2533
Malware in sbrugna...
EUVD-2024-0593
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-24750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetchurl and not consuming the incoming body or consuming it very...
CVE-2020-11839
Cross-Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all versions from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited, resulting in Cross-Site Scripting (XSS) or information disclosure...
CVE-2025-32244
CVE-2025-32244 describes a missing authorization vulnerability in the SEO Help WordPress plugin. The advisory notes misconfigured access control security levels, affecting SEO Help versions n/a through 6.7.9 (per initial description). Connected security sources corroborate the CVE’s association w...
WordPress plugin Click & Pledge Connect Plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2025-28918
CVE-2025-28918: Stored XSS in WordPress plugin Featured Image Thumbnail Grid up to version 6.6.1. Root cause: improper neutralization of input during web page generation in the plugin, enabling stored cross-site scripting. Affected product/component: WordPress Plugin – Featured Image Thumbnail ...
CVE-2025-28918 WordPress Featured Image Thumbnail Grid plugin <= 6.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones Featured Image Thumbnail Grid (thumbnail-grid) allows Stored XSS. This issue affects Featured Image Thumbnail Grid: from n/a through <= 6.8...
Information Exposure
Overview: org.webjars.npm:elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript. Affected versions of this package are vulnerable to Information Exposure due to the sign function which allows an attacker to extract the private key from an ECDSA signature by signing a...
CVE-2024-13459
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesknewcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...
WordPress plugin FuseDesk cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16961 · WordPress · Wp-Speedup Block Editor Bootstrap Blocks
Name of the Vulnerable Software and Affected Versions: WP-speedup Block Editor Bootstrap Blocks versions through 6.6.1. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This lets an...
WordPress plugin Block Editor Bootstrap Blocks cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
WordPress Block Editor Bootstrap Blocks Plugin <= 6.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Block Editor Bootstrap Blocks; Type: Plugin; Vulnerable versions: <= 6.6.1; Fixed in: 6.6.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11402; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 0635cf898925; Credits: Le Ngoc Anh; Requir...