61 matches found
PT-2026-52164
Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description Stored Cross-site Scripting XSS occurs when the module fails to sufficiently sanitize administrator-configured response messages. Specifically, the "Yes response", "No...
CVE-2026-6816
Concretely, CVE-2026-6816 affects Drupal TFA Basic Plugins (versions 7.x-1.0 through 7.x-1.2). The issue is an access bypass in which users with the administer users permission can view or generate recovery codes for other users, enabling information disclosure of recovery credentials. The root c...
CVE-2026-4063
CVE-2026-4063 affects the WordPress plugin Social Icons Widget & Block by WPZOOM. The Red Hat and CVE records, corroborated by the Wordfence vulnerability report, describe a missing capability check in the add_menu_item() function hooked to admin_menu in all versions up to 4.5.8. This allows auth...
Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019
This module adds the favicons generated by realfavicongenerator.net to your Drupal site. The module does not filter administrator-entered text, leading to a persistent Cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
DRUPAL-CONTRIB-2025-123
This module enables you to deploy content from one Drupal website to another. The module provides some default configuration without sufficient access control. This vulnerability is mitigated by the fact that an administrator can add some default access control permission...
PT-2025-41422
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags...
EUVD-2021-14897
Malware in sbrugna...
EUVD-2021-14898
Malware in sbrugna...
EUVD-2021-14894
Malware in sbrugna...
EUVD-2021-14893
Malware in sbrugna...
EUVD-2021-14895
Malware in sbrugna...
EUVD-2021-14899
Malware in sbrugna...
EUVD-2025-7486
Malicious code in bioql PyPI...
CVE-2023-6924
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2019-19903
An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when viewing the list o...
CVE-2024-6486
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "clipath" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code...
CVE-2024-6486
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "clipath" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code...
CVE-2024-6486
The CVE refers to the ImageMagick Engine WordPress plugin vulnerable to OS Command Injection via the cli_path parameter in versions prior to 1.7.11. Exploitation requires authenticated administrators, enabling them to execute arbitrary OS commands and potentially achieve remote code execution on ...
CVE-2025-2076
CVE-2025-2076 : The WordPress plugin binlayerpress
CVE-2024-27275
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...