565 matches found
CVE-2026-8489
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...
EUVD-2026-41486
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...
CVE-2026-8489 Ultimate Member <= 2.11.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Non-HTML Custom Textarea Profile Field
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...
CVE-2026-8489
The CVE-2026-8489 case involves the WordPress plugin Ultimate Member (User Profile, Registration, Login, etc.). Affected: all versions up to 2.11.4. Vulnerability: Stored Cross-Site Scripting via the about_me field in user profiles, caused by insufficient input sanitization and output escaping. I...
CVE-2026-8489
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...
PT-2026-55497
Name of the Vulnerable Software and Affected Versions Ultimate Member versions prior to 2.11.5 Description The Ultimate Member plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because of insufficient input sanitization and output escaping when handling the about me...
CVE-2026-38972
Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...
PT-2026-55312
Name of the Vulnerable Software and Affected Versions Notepad3 versions prior to 6.25.822.2 Description A DLL search-order hijacking issue exists in the About-dialog code path within src/Notepad3.c. The application uses the LoadLibrary function to load MSFTEDIT.DLL using a bare name. This allows ...
CVE-2026-38972
Notepad3 versions up to 6.25.822.1 are vulnerable to a DLL search-order hijack in the About-dialog code path (src/Notepad3.c). The application loads MSFTEDIT.DLL via LoadLibrary with a bare DLL name, enabling a local attacker to place a malicious MSFTEDIT.DLL in the application directory or anoth...
CVE-2026-38972
Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...
CVE-2026-38972
Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...
CVE-2026-38972
Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...
CVE-2025-63041
CVE-2025-63041 affects the WordPress plugin Forget About Shortcode Buttons (versions
CVE-2025-63041 WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability
Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...
PT-2026-52709
Name of the Vulnerable Software and Affected Versions Forget About Shortcode Buttons versions prior to 2.1.4 Description Broken access control allows contributors to perform unauthorized actions within the software. Recommendations Update to a version newer than 2.1.3...
EUVD-2026-36505
Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly...
Malicious code in @klapp-about/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 715f07e0a1984fc9eb7d6432fc2491b08139755426b3c8905ba2d9274e2d4875 On npm install, the package's preinstall hook node index.js collects host and user identity data — os.hostname, os.userInfo.username, dirname,...
EUVD-2018-21928
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...
CVE-2018-25406
CVE-2018-25406 affects the eNdonesia Portal 8.7, where multiple SQL injection vulnerabilities allow unauthenticated attackers to run arbitrary SQL queries via mod.php. The attacker can inject SQL through parameters artid, cid, did, contid, and aboutid across modules including publisher, diskusi, ...
PT-2026-45106
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...