50 matches found
MINI-HPF2-6626-94XG
Bulletin has no description...
CVE-2026-6626
creationtimestamp | type | source
---|---|---
2026-04-20 12:00:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjwgajjfs32v...
CVE-2026-6626 Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection
A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...
CVE-2025-6626
The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.10.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via API URL vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via API URL vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin ShortPixel Adaptive Images versions <= 3.10.4...
CVE-2023-6626
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite set...
CVE-2019-6626
On BIG-IP AFM, Analytics, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration utility...
CVE-2018-6626
In Micropoint proactive defense software 2.0.20266.0146, the driver file mp110005.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000035...
CVE-2006-6626
Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from...
WordPress EleForms Plugin <= 2.9.9.9 is vulnerable to Broken Access Control
Software: EleForms; Type: Plugin; Vulnerable versions: <= 2.9.9.9; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6626; Patch priority: Low; CVSS severity: Low 5.3; PSID: fddc69a5e9e3; Credits: Lucio Sá; Required privilege...
CGA-6626-6R46-9FQ2
Bulletin has no description...
CVE-2023-6626
creationtimestamp | type | source
---|---|---
2024-01-22 21:31:30+00:00 | seen | https://t.me/ctinow/171447
2024-01-26 23:16:36+00:00 | seen | https://t.me/ctinow/174533
2024-02-16 10:41:37+00:00 | seen | https://t.me/ctinow/186248...
CVE-2023-6626
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite set...
CVE-2023-6626 Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite set...
CVE-2023-6626
The CVE concerns the WordPress plugin Product Enquiry for WooCommerce, affected versions prior to 3.1. The issue is that the plugin does not sanitise and escape certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (s...
Debian: Security Advisory (DLA-757-1)
The remote host is missing an update for the Debian...
Mageia: Security Advisory (MGASA-2016-0291)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2013-0324)
The remote host is missing an update for the...
CVE-2019-6626
CVE-2019-6626 is a reflected cross-site scripting (XSS) flaw affecting BIG-IP TMUI (Configuration utility) on multiple editions: 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4. The issue exists on an undisclosed TMUI page and can allow an attacker to execute...