2606 matches found
WordPress SP Blog Designer plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin SP Blog Designer versions = 1.0.0...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to loss of confidentiality (CVE-2026-39892, CVE-2026-34073) and arbitrary code execution (CVE-2026-40087)
Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality CVE-2026-39892, CVE-2026-34073. Dashboard operands that use the App Connect Enterprise Agent are vulnerable to arbitrary code execution...
a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +630 more potentially affected by CVE-2026-42557 via jupyterlab (>=0.31.1 <=4.5.6)
jupyterlab PYPI version =0.31.1, =0.1.0, =0.1.0b0, =0.1.0b0, =0.1.0b0, =0.1.0, =0.5.5, =2.0.0, =0.1.1, =0.1.0, =3.0.0, =4.33.0, =5.0.0 and more Source cves: CVE-2026-42557 Source advisory: OSV:GHSA-MQCG-5X36-VFCG...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of integrity, arbitrary code execution, denial of service and SSRF
Summary IBM App Connect Enterprise Certified Container Designer operands that use mapping assistance and Dashboard operands that use the App Connect Enterprise Agent are vulnerable to loss of integrity CVE-2026-28684, arbitrary code execution CVE-2026-28277, denial of service CVE-2026-40347 and...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality, denial of service and cross-site scripting
Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, GHSA-39q2-94rc-95cp, denial of service CVE-2026-33151, CVE-2026-32288 and cross-site scripting CVE-2026-27142. This bulletin...
CVE-2026-36765
An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...
WordPress Post List Designer – Category Post, Recent Post, Post List plugin <= 3.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Posts List Designer by Category – List Category Posts Or Recent Posts versions = 3.3.7...
CVE-2026-36765
An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...
EUVD-2026-26400
An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...
CVE-2026-36765
An XXE vulnerability affects SpringBlade v4.8.0 at the /designer/loadReport endpoint. The issue allows authenticated attackers to execute arbitrary code by injecting a crafted payload. The common details across sources identify the root cause as an XML external entity processing flaw, enabling co...
SpringBlade 代码问题漏洞
SpringBlade is a microservices development platform developed by Blade China. Version 4.8.0 of SpringBlade contains a code vulnerability. This vulnerability stems from XML external entity injection in the /designer/loadReport endpoint, which may allow authenticated attackers to execute arbitrary...
CVE-2026-36765
An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...
CVE-2026-36765
An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...
PT-2026-36153
An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...
CVE-2026-36765
An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...
CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...
EUVD-2026-25921
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...
CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...
EUVD-2023-58146
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2026-3599
The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...