CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

CVE-2026-44212

CVE-2026-44212 concerns PrestaShop's back-office Customer Service view. A stored XSS exists where an unauthenticated attacker can submit the public Contact Us form with a malicious email; the payload is stored in the database and executes when a back-office employee opens the affected customer th...

CVE-2026-6712

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

PT-2026-33921

Name of the Vulnerable Software and Affected Versions LLMs.txt plugin for WordPress versions prior to 8.2.7 Description The plugin is subject to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in admin settings. Authenticated attackers with administrator-lev...

CVE-2026-27068

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Howard Website LLMs.txt website-llms-txt allows Reflected XSS.This issue affects Website LLMs.txt: from n/a through = 8.2.6...

EUVD-2026-13089

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Howard Website LLMs.Txt allows Reflected XSS.This issue affects Website LLMs.Txt: from n/a through 8.2.6...

WordPress Quick Contact Form plugin <= 8.2.6 - Unauthenticated Open Mail Relay vulnerability

Unauthenticated Open Mail Relay vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Quick Contact Form versions = 8.2.6...

CVE-2025-12718 Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

CVE-2020-8775

Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting XSS vulnerability in the comment tags...

Security update for qemu

This update for qemu fixes the following issues: Fix bsc1221812: block: Reschedule query-block during qcow2 invalidation bsc1221812 Fix bsc1229007, CVE-2024-7409: nbd/server: CVE-2024-7409: Close stray clients at server-stop bsc1229007 nbd/server: CVE-2024-7409: Drop non-negotiating clients...

SUSE-SU-2025:20036-1 Security update for qemu

This update for qemu fixes the following issues: - Fix bsc1221812: block: Reschedule query-block during qcow2 invalidation bsc1221812 - Fix bsc1229007, CVE-2024-7409: nbd/server: CVE-2024-7409: Close stray clients at server-stop bsc1229007 nbd/server: CVE-2024-7409: Drop non-negotiating clients...

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2024:2983-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2983-1 advisory. - CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command bsc1227322 -...

WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dave Jong Patchstack in the WordPress Soledad premium theme versions = 8.2.5. Solution Update the WordPress soledad theme to the latest available version at least 8.2.6...

WordPress Soledad premium theme <= 8.2.5 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. Cross-Site Scripting XSS vulnerability discovered by Dave Jong in WordPress Soledad premium theme versions = 8.2.5. Solution Update the WordPress soledad theme to the latest available version at least 8.2.6...

Soledad < 8.2.6 - Subscriber+ Cross-Site Scripting

The plugin does not sanitise and escape a parameter, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...

Pegasystem PEGA Platform Cross-Site Scripting Vulnerability (CNVD-2020-27232)

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real Time Decision Making and CRM Customer Relationship Management. A cross-site scripting vulnerability...

Pegasystem PEGA Platform Richtext Editor Cross-Site Scripting Vulnerability

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem in the UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real-time Decision Making and CRM Customer Relationship Management.Richtext Editor is one of the...

CVE-2020-8775

Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting XSS vulnerability in the comment tags...

CVE-2020-8774

Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function...

CVE-2020-8773

The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting XSS vulnerability...