77 matches found
Directory Traversal
Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Directory Traversal via the Loader.candidates resolution when require.resolve is used as a fallback; an attacker can read arbitrary...
CVE-2018-1000604
A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user...
EUVD-2020-19501
Malware in sbrugna...
EUVD-2024-16408
Malicious code in bioql PyPI...
EUVD-2022-51850
Malicious code in bioql PyPI...
EUVD-2025-13823
Malicious code in bioql PyPI...
EUVD-2024-0652
Malicious code in bioql PyPI...
EUVD-2024-54000
Malicious code in bioql PyPI...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1966)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Publishers: How to Block AI Bots and Reclaim Control of Your Content
...
CVE-2022-4509
The Content Control WordPress plugin before 1.1.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high...
CVE-2021-42749
In Beaver Themer, attackers can bypass conditional logic controls for hiding content when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set...
CVE-2020-26977
By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. Note: This issue only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 84...
CVE-2025-47501
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Content Control content-control allows DOM-Based XSS.This issue affects Content Control: from n/a through = 2.6.1...
CVE-2025-47501
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Content Control content-control allows DOM-Based XSS.This issue affects Content Control: from n/a through = 2.6.1...
CVE-2025-47501 WordPress Content Control plugin <= 2.6.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Content Control content-control allows DOM-Based XSS.This issue affects Content Control: from n/a through = 2.6.1...
CVE-2025-47501
CVE-2025-47501 : DOM-based XSS in WordPress plugin Content Control (
CVE-2025-47501 WordPress Content Control plugin <= 2.6.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Content Control content-control allows DOM-Based XSS.This issue affects Content Control: from n/a through = 2.6.1...
WordPress Content Control plugin <= 2.6.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Content Control versions = 2.6.1...
PT-2025-20125 · Code Atlantic · Code Atlantic Content Control
Name of the Vulnerable Software and Affected Versions: Code Atlantic Content Control versions n/a through 2.6.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS attacks. This means that an attacker could potentially...