Lucene search

12 matches found

CVE
added 2026/02/14 4:35 a.m. · 13 views

CVE-2026-2027

CVE-2026-2027 concerns the AMP Enhancer – Compatibility Layer for Official AMP Plugin (WordPress). Affected: AMP Enhancer, all versions up to and including 1.0.49. Root cause: insufficient input sanitization and output escaping on AMP Custom CSS attributes. Impact: Stored Cross-Site Scripting (XS...

CVSS 4.4 · AI score 5.7 · EPSS 0.00202
Exploits 0 · References 4
ATTACKERKB
added 2026/01/20 8:2 a.m. · 2 views

CVE-2025-41768

A high-privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation ('Cross-site Scripting')...

CVSS 5.5 · AI score 5.8 · EPSS 0.00207
Exploits 0 · References 2
Positive Technologies
added 2025/11/18 12:0 a.m. · 6 views

PT-2025-47248

Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit plugin for WordPress versions prior to 9.112.1 Description: The software is susceptible to Stored Cross-Site Scripting through the veu custom css parameter. Insufficient input sanitization and output escaping on the...

CVSS 6.4 · AI score 5.4 · EPSS 0.00201
Exploits 0 · References 6
RedhatCVE
added 2025/05/22 3:22 p.m. · 10 views

CVE-2020-25216

yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...

CVSS 9.8 · AI score 7.5 · EPSS 0.02424
Exploits 0
OSV
added 2024/07/19 9:32 a.m. · 1 views

GHSA-5M3J-PXH7-455P Apache CXF: SSRF vulnerability via WADL stylesheet parameter

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...

CVSS 8.2 · AI score 7.2 · EPSS 0.01029
Exploits 0 · References 6
Github Security Blog
added 2024/07/19 9:32 a.m. · 42 views

Apache CXF: SSRF vulnerability via WADL stylesheet parameter

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...

CVSS 9.1 · AI score 6.7 · EPSS 0.01029
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2024/03/19 12:0 a.m. · 4 views

PT-2024-5337 · Apache · Apache Cxf

Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 4.0.5; Apache CXF versions prior to 3.6.4; Apache CXF versions prior to 3.5.9. Description: A SSRF vulnerability in the WADL service description of Apache CXF allows an attacker to perform SSRF style attacks on REST...

CVSS 9.1 · AI score 7.6 · EPSS 0.01029
Exploits 0 · References 17
OSV
added 2020/09/17 7:15 p.m. · 5 views

CVE-2020-25216

yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...

CVSS 9.8 · AI score 6 · EPSS 0.02424
Exploits 0 · References 2
Prion
added 2020/09/17 7:15 p.m. · 24 views

Design/Logic Flaw

yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...

CVSS 7.5 · AI score 9.6 · EPSS 0.02424
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/09/17 12:0 a.m. · 17 views

CVE-2020-25216

yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...

AI score 9.7 · EPSS 0.02424
Exploits 0 · References 2
CVE
added 2020/09/17 12:0 a.m. · 45 views

CVE-2020-25216

yWorks yEd Desktop before 3.20.1 is affected by a code execution vulnerability triggered by an XSL Transformation when processing an XML file with a custom stylesheet. The root cause is an XSLT processing path that allows arbitrary code execution in the context of the affected application. Affect...

CVSS 9.8 · AI score 9.6 · EPSS 0.02424
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2020/09/17 12:0 a.m. · 5 views

PT-2020-16023 · Yworks · Yed Desktop

Name of the Vulnerable Software and Affected Versions: yWorks yEd Desktop versions prior to 3.20.1 Description: The issue allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. Recommendations: For versions prior to 3.20.1, update to versio...

CVSS 9.8 · AI score 9.6 · EPSS 0.02424
Exploits 0 · References 3