348 matches found
PT-2026-23065
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 9.15.7. Description: The XWiki blog application is susceptible to Stored Cross-Site Scripting (XSS) through the Blog Post Title. The issue occurs because the post title is directly inserted into the HTML tag without...
CVE-2019-25435
creationtimestamp | type | source
---|---|---
2026-02-26 04:20:09+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mfqdrtqnrp2q...
CVE-2019-25354
creationtimestamp | type | source
---|---|---
2026-02-20 13:40:09+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mfcabnyf2y2u...
PT-2026-20772
Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2025-14009
creationtimestamp | type | source
---|---|---
2026-02-18 18:32:10+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mf5pnybld22m
2026-02-18 19:00:18+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5rababgq2h...
CVE-2026-1426
creationtimestamp | type | source
---|---|---
2026-02-18 15:32:06+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mf5flzaxdk2e
2026-02-18 15:32:48+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5fnakky42s
2026-02-18 18:30:17+00:00 | seen |...
ICE Is Crashing the US Court System in Minnesota
Petitions demanding people get the chance to be released from ICE custody have overwhelmed courts throughout the US...
LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days
This is amazing: Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of how quickly things are moving. Security teams have been automating vulnerability discovery for years, investing heavily in fuzzing infrastructure and custom harnesses to find bu...
Cross-site Scripting (XSS)
Overview: OrchardCore is an application framework for building modular, multi-tenant applications on ASP.NET Core. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the MarkdownBodyPart.Source parameter during blog post creation. An attacker can execute arbitrary...
CVE-2020-37019
Orchard Core RC1 contains a persistent cross-site scripting (XSS) vulnerability that lets an attacker inject malicious JavaScript via blog posts. The flaw is triggered when embedded JavaScript is placed in the MarkdownBodyPart.Source parameter during blog-post creation, allowing code execution in...
CVE-2025-68547
Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Follow My Blog Post: from n/a through <= 2.4.0...
CVE-2025-68547 WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Follow My Blog Post: from n/a through <= 2.4.0...
WordPress plugin WPweb Follow My Blog Post security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A security vulnerabilit...
WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin Follow My Blog Post versions <= 2.4.0...
Linux Distros Unpatched Vulnerability : CVE-2023-53952
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through th...
CVE-2023-53952
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...
CVE-2025-64258
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data. This issue affects Follow My Blog Post: from n/a through = 2.3.9...