6108 matches found
PT-2026-20881
Name of the Vulnerable Software and Affected Versions Svelte versions prior to 5.51.5 Description A flaw exists in Svelte where, during server-side rendering, the tag name provided to the component is not validated or sanitized before being included in the HTML output. This can lead to HTML...
PT-2026-20640
The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne clean data' AJAX action. This makes it possible for authenticated attackers...
PT-2026-20873
When using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected...
WordPress News Element Elementor Blog Magazine plugin <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss vulnerability
Missing Authorization to Authenticated Subscriber+ Data Loss vulnerability discovered by Legion Hunter in WordPress Plugin News Element Elementor Blog Magazine versions = 1.0.8...
WordPress Plugin 'LA Studio Element Kit for Elementor' < 1.6.0 Unauthenticated Privilege Escalation via Backdoor
The WordPress application running on the remote host has a version of the 'LA Studio Element Kit for Elementor' plugin that is prior to 1.6.0. It is, therefore, affected by an unauthenticated privilege escalation vulnerability. The plugin contains a backdoor that allows unauthenticated attackers ...
php: heap-based buffer overflow in array_merge()
A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...
BIT-DOTNET-SDK-2026-21218 .NET Spoofing Vulnerability
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-1793
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...
CVE-2026-1793
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...
CVE-2026-1793 Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...
CVE-2026-1793 Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...
EUVD-2026-5833
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...
CVE-2026-1793
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...
CVE-2026-1793
The CVE-2026-1793 entry concerns the Element Pack Addons for Elementor plugin for WordPress. All versions up to and including 8.3.17 are vulnerable via the SVG widget due to insufficient file validation in the render_svg function, enabling authenticated attackers with contributor-level access or ...
WordPress plugin Element Pack Addons for Elementor 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper parsing of the TID-To-Link Mapping element, potentially leading to out-of-bounds reads...
CVE-2026-24044
Element Server Suite Community Edition ESS Community deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a logical error in the reverse generation mask check logic within the nftmapcatchallactivate...
CVE-2026-24044
Element Server Suite Community Edition ESS Community deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...
CVE-2026-24044
Element Server Suite Community Edition ESS Community deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...