Security Bulletin: Resolved a vulnerability in PostCSS versions prior to 8.5.10

Summary Versions prior to 8.5.10 have a vulnerability enabling XSS, we updated the version of PostCSS to version 8.5.10 which resolved the issue Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the...

NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

NPM: PostCSS has XSS via Unescaped in its CSS Stringify Output vulnerability discovered by ? in WordPress Npm postcss versions 8.5.10...

PT-2026-34839

Name of the Vulnerable Software and Affected Versions PostCSS versions prior to 8.5.10 Description PostCSS transforms CSS files into an Abstract Syntax Tree AST to analyze and modify rules. The software fails to escape sequences when stringifying CSS ASTs. If user-submitted CSS is parsed and then...

EUVD-2026-20176

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.5.10...

CVE-2026-39509

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.5.10...

CVE-2026-39509

The CVE-2026-39509 entry affects the WordPress plugin Directorist (Directorist) and is caused by a Missing Authorization vulnerability due to incorrectly configured access control. Affected range is Directorist versions up to and including 8.5.10. The issue is described as a broken access control...

CVE-2026-39509

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.5.10...

PT-2026-31137

CVE-2026-39509 Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct… https://t.co/jH3xoZimNJ...

WordPress plugin Directorist 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2025-68069

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.6.6...

CVE-2025-68069 WordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.6.6...

CVE-2025-68069 WordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.6.6...

CVE-2025-68069

CVE-2025-68069 is a Missing/Broken Access Control vulnerability in the WordPress plugin Directorist (Directorist: AI-Powered Business Directory, Listings & Classified Ads) affecting versions up to 8.6.6. The root cause is incorrectly configured access control security levels, enabling unauthorize...

PT-2026-21085

Name of the Vulnerable Software and Affected Versions Directorist versions through 8.5.10 Description An authorization issue exists in wpWax Directorist, allowing exploitation of incorrectly configured access control security levels. Recommendations Update Directorist to a version later than 8.5....

WordPress plugin Directorist 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

EUVD-2024-36721

Malicious code in bioql PyPI...

EUVD-2022-7408

Malicious code in bioql PyPI...

ZOHO ManageEngine ADAudit Plus 安全漏洞

ZOHO ManageEngine ADAudit Plus is used by ZOHO USA, Inc. to simplify auditing, demonstrate compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus 8510 and prior versions, which stems from an authenticated SQL injection in the Alerts module...

PT-2024-27617 · Unknown · Basix Nex-Forms

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms – Ultimate Form Builder versions through 8.5.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, which can be...

GHSA-XJ33-8R43-R227 Concrete CMS vulnerable to cross-site scripting in the text input field

Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Remediate by...