CVE-2026-2735

Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms

Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

Why Cloud Reliability Depends on Imperfect Software

...

CVE-2025-12074

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'contextblogmodalpopup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwor...

CVE-2026-2284

CVE-2026-2284 concerns the News Element Elementor Blog Magazine plugin for WordPress (

WordPress plugin News Element Elementor Blog Magazine 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

编号撤回

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Alkacon OpenCMS 跨站脚本漏洞

Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Version 18.0 of Alkacon OpenCMS contains a cross-site scripting vulnerability. This vulnerability arises from improper input validation of the text parameter when sending a POST request to...

PT-2026-20772

Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

PT-2026-20640

The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne clean data' AJAX action. This makes it possible for authenticated attackers...

WordPress News Element Elementor Blog Magazine plugin <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss vulnerability

Missing Authorization to Authenticated Subscriber+ Data Loss vulnerability discovered by Legion Hunter in WordPress Plugin News Element Elementor Blog Magazine versions = 1.0.8...

CVE-2025-70152

creationtimestamp| type| source ---|---|--- 2026-02-18 18:32:14+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mf5pnzs53q2w...

CVE-2025-70150

creationtimestamp| type| source ---|---|--- 2026-02-18 18:32:13+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mf5pnzain52i 2026-02-18 19:00:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5ra2iiyb2c...

CVE-2025-70148

creationtimestamp| type| source ---|---|--- 2026-02-18 18:32:13+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mf5pnyqhuz2h 2026-02-18 19:00:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5rahomoq2k...

CVE-2025-14009

creationtimestamp| type| source ---|---|--- 2026-02-18 18:32:10+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mf5pnybld22m 2026-02-18 19:00:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5rababgq2h...

From Clawdbot to OpenClaw: Practical Lessons in Building Secure Agents

...

CVE-2026-1426

creationtimestamp| type| source ---|---|--- 2026-02-18 15:32:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mf5flzaxdk2e 2026-02-18 15:32:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5fnakky42s 2026-02-18 18:30:17+00:00| seen|...

CVE-2025-12074

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'contextblogmodalpopup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwor...

CVE-2025-12074

CVE-2025-12074 affects Context Blog (WordPress theme) up to version 1.2.5, enabling unauthenticated information exposure through context_blog_modal_popup due to insufficient post-access restrictions. Impact is exposure of data from password-protected, private, or draft posts. Public advisories fr...

CVE-2025-12074 Context Blog <= 1.2.5 - Unauthenticated Private Post Disclosure

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'contextblogmodalpopup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwor...