CVE-2026-7209

The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...

CVE-2026-7209

CVE-2026-7209 concerns the WordPress plugin Simple Link Directory. The vulnerability is a Stored Cross-Site Scripting issue in the plugin’s qcopd-directory shortcode present in all versions up to 8.9.2. The root cause is insufficient input sanitization and output escaping for user-supplied shortc...

CVE-2026-7209 Simple Link Directory <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...

CVE-2026-7209 Simple Link Directory <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...

CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...

CVE-2026-29109

Summary: CVE-2026-29109 affects SuiteCRM up to version 8.9.2, where the SavedSearch filter processing contains an unsafe deserialization flaw. The code path in FilterDefinitionProvider.php calls unserialize() on user-controlled data from the saved_search.contents column without restricting instan...

CVE-2026-29103 SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. A Critical Remote Code Execution RCE vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute arbitrary system commands. This vulnerability is a direc...

Notepad++ 代码问题漏洞

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Versions of Notepad++ prior to 8.9.2 had a code vulnerability; this vulnerability stemmed from the use of an absolute executable path when launching the Windows Explorer, which could lead to arbitrary code executi...

CVE-2026-25926

CVE-2026-25926 (Notepad++) is an Unsafe Search Path vulnerability (CWE-426) affecting Notepad++ versions prior to 8.9.2. The issue arises when launching explorer.exe without an absolute path, allowing an attacker who controls the process working directory to execute a malicious explorer.exe, pote...

CVE-2026-25926 Notepad++ has an Untrusted Search Path

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

CVE-2026-25926 Notepad++ has an Untrusted Search Path

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

PT-2024-26732 · Automattic · Woocommerce

Name of the Vulnerable Software and Affected Versions: WooCommerce versions through 8.9.2 Description: The issue is related to an Improper Neutralization of Special Elements in Output Used by a Downstream Component, also known as an 'Injection' vulnerability. This allows for Content Spoofing in...

PT-2024-27454 · Unknown · Woocommerce +1

Name of the Vulnerable Software and Affected Versions: WooCommerce versions 8.8 through 8.8.4 WooCommerce versions 8.9 through 8.9.2 Description: A cross-site scripting vulnerability in WooCommerce allows a bad actor to manipulate a link to include malicious HTML and JavaScript content. The...

PT-2023-6648 · Unknown · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 7.17.13 and 8.9.2 Description: Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. However, it was found that this filtering was not applied when requests to...

Atlassian Jira 8.6.0 < 8.9.2 Disclosure Of Private Project Titles

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.0.6 prior to version 7.13.16, 8.0.0 prior to 8.5.7, 8.6.0 prior to 8.9.2 or 8.10.0 prior to 8.10.1. It is, therefore, affected by a vulnerability which allow remote attackers to view...

CVE-2020-14174

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References IDOR vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before...

Realtyna RPL Joomla Extension 8.9.2 index.php 参数 Itemid SQL注入

No description provided by source...

Realtyna RPL 8.9.2 CSRF / Cross Site Scripting

Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities Vendor: Realtyna LLC Product web page: https://www.realtyna.com Affected version: 8.9.2 Summary: Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on...

Sendmail 8.8.8 - 8.9.2 Parsing Redirection DoS Vulnerability

The remote Sendmail server, according to its version number, allows remote attackers cause a denial of service by sending messages with a large number of headers. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

CVE-2004-2003

Buffer overflow in the sslprcert function in the SSLway filter sslway.c for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long 1 subject or 2 issuer name field...