30 matches found
CVE-2026-28507
CVE-2026-28507 affects Idno (social publishing platform). Public disclosures and Red Hat/Veracode entries describe two chained vulnerabilities leading to remote code execution: 1) Arbitrary PHP file write during WordPress import via importImagesFromBodyHTML, leveraging uncontrolled outbound fopen...
CVE-2025-13984
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS). This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...
EUVD-2025-206437
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS). This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...
CVE-2025-13984 Next.js - Critical - Access bypass - SA-CONTRIB-2025-122
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS). This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...
Drupal Next.js security vulnerabilities
Drupal Next.js is a module within the Drupal community that enables a deep integration between Drupal and Next.js. Versions of Drupal Next.js prior to 1.6.4 and 2.0.1 contained security vulnerabilities. These vulnerabilities were due to overly lax cross-domain security policies, which could lead ...
PT-2026-5199
Name of the Vulnerable Software and Affected Versions: Drupal CKEditor 5 Premium Features versions 0.0.0 through 1.2.9; Drupal CKEditor 5 Premium Features versions 1.3.0 through 1.3.5; Drupal CKEditor 5 Premium Features versions 1.4.0 through 1.4.2; Drupal CKEditor 5 Premium Features versions 1.5.0...
CVE-2025-59556
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup GoStore gostore allows Reflected XSS. This issue affects GoStore: from n/a through 1.6.4...
CVE-2025-58964
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Enzy enzy allows Reflected XSS. This issue affects Enzy: from n/a through 1.6.4...
CVE-2025-59556
CVE-2025-59556 is a reflected XSS vulnerability in the WordPress GoStore theme/plugin GoStore gostore, caused by improper input neutralization during page generation. Affected software is GoStore gostore versions prior to 1.6.4 (GoStore: from n/a through
PT-2025-45257
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup GoStore gostore allows Reflected XSS. This issue affects GoStore: from n/a through 1.6.4...
PT-2025-45249
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Enzy enzy allows Reflected XSS. This issue affects Enzy: from n/a through 1.6.4...
WordPress Enzy theme < 1.6.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Enzy versions 1.6.4...
Linux Distros Unpatched Vulnerability : CVE-2020-35380
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. CVE-2020-35380 Note that Nessus relies on the presence of the package as...
CVE-2023-22309
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4...
CVE-2022-1394
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed...
WordPress plugin XPlainer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
UBUNTU-CVE-2023-5631
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...
CVE-2023-22294
Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions...