GHSA-855C-R2VQ-C292 Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
Summary A stored cross-site scripting (XSS) vulnerability exists in SEO-related fields (SEO Title and Meta Description) in ApostropheCMS. Improper neutralization of user-controlled input in SEO-related fields allows injection of arbitrary JavaScript into HTML contexts, resulting in stored cross-site...
CVE-2026-35569
CVE-2026-35569 affects ApostropheCMS <= 4.28.0. A stored XSS in SEO fields (SEO Title and Meta Description) allows injecting JavaScript via improper output encoding into HTML contexts such as , attributes, and JSON-LD. This can enable an authenticated user to execute arbitrary JS in the admin...
PT-2026-24089
Name of the Vulnerable Software and Affected Versions PowerSync versions prior to 1.20.1 Description The PowerSync Service, a server-side component of the PowerSync sync engine, had an issue in version 1.20.0 where subquery filters were ignored when determining data synchronization for users with...
CVE-2026-27579 CollabPlatform : CORS Misconfiguration Allows Arbitrary Origin With Credentials Leading to Authenticated Account Data Exposure
CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue...
CVE-2026-27579
CollabPlatform is affected by a CORS misconfiguration in the Appwrite component that allows arbitrary origins to make credentialed requests. This enables an attacker-controlled domain to issue authenticated cross-origin requests and read sensitive user data (emails, account identifiers, MFA statu...
GHSA-6WQW-2P9W-4VW4 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...
EUVD-2010-0129
Malware in sbrugna...
EUVD-2016-3543
Malware in sbrugna...
EUVD-2022-2037
Malicious code in bioql PyPI...
CVE-2024-29036
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...
CVE-2024-10797
The CVE-2024-10797 entry concerns the WordPress plugin Full Screen Menu for Elementor. Affected: Full Screen Menu for Elementor (WordPress plugin) up to version 1.0.7. Nature: Information Exposure via the Full Screen Menu Elementor Widget, caused by insufficient restrictions on which posts can be...
WordPress Seraphinite Accelerator plugin <= 2.22.15 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Seraphinite Accelerator versions <= 2.22.15...
CVE-2024-52323
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...
ZOHO ManageEngine Analytics Plus Security Vulnerability
ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. A security vulnerability exists in ZOHO ManageEngine Analytics Plus prior to version 6100 that stems from vulnerability to an authenticate...
PT-2025-2311 · Ibm · Ibm Sterling File Gateway
Name of the Vulnerable Software and Affected Versions: IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.1 Description: The issue is related to improper access controls, which could allow an authenticated user to perform unauthoriz...
Drupal Freelinking module < 4.0.1 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Matthew Radcliffe in WordPress Module Freelinking versions < 4.0.1...
Drupal Content Entity Clone module < 1.0.4 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Vojislav Jovanovic in WordPress Module Content Entity Clone versions < 1.0.4...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Bit Form Pro versions <= 2.6.4...
WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Otter Blocks PRO versions <= 2.6.11...
Mirumee Software Saleor Storefront Security Vulnerability
Mirumee Software Saleor Storefront is a web-based, single-page e-commerce application from Mirumee Software, Poland. A security vulnerability exists in Mirumee Software Saleor Storefront that stems from the fact that when any user authenticates in the storefront, an anonymous user can access its...