15 matches found
CVE-2026-4070
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...
CVE-2026-4801
CVE-2026-4801 affects the WordPress plugin Page Builder Gutenberg Blocks – CoBlocks. It is a stored cross‑site scripting (XSS) vulnerability in the Events block that processes data from external iCal feeds. Root cause: insufficient output escaping of event titles, descriptions, and locations...
WordPress Widgets for Social Photo Feed plugin <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data vulnerability
Unauthenticated Stored Cross-Site Scripting via feed_data vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Widgets for Social Photo Feed versions <= 1.7.9...
CVE-2026-5425
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-5425 Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-5425
CVE-2026-5425 concerns the WordPress Widgets for Social Photo Feed plugin. A stored XSS vulnerability exists in all versions up to 1.7.9, caused by insufficient input sanitization and output escaping in the feed_data parameter keys. Impact: unauthenticated attackers can inject arbitrary...
CVE-2026-5425
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
PT-2026-30317
Name of the Vulnerable Software and Affected Versions: Widgets for Social Photo Feed plugin for WordPress versions up to and including 1.7.9
Description: The Widgets for Social Photo Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the feed data parameter keys due to...
WordPress plugin Widgets for Social Photo Feed cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-54591
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
CVE-2021-34484
creationtimestamp| type| source
---|---|---
2021-10-29 18:59:00+00:00| exploited| https://t.me/truesecator/2270
2021-10-29 22:19:37+00:00| published-proof-of-concept| https://t.me/hackertrick/363
2021-10-30 14:34:03+00:00| exploited| https://t.me/NeKaspersky/1395
2021-11-10 23:12:02+00:00|...
Google I/O 2017 application for Android has an unspecified vulnerability
Google I/O 2017 application for Android is a conference management application for Google's annual I/O conference based on the Android platform developed by Google USA. A security vulnerability exists in versions of the Google I/O 2017 application for Android-based platforms prior to 5.1.4, due t...
CVE-2017-0263
creationtimestamp| type| source
---|---|---
2017-05-09 18:26:18+00:00| seen| MISP/59120865-27e0-4e6d-9b74-4a9f950d210f
2017-05-20 11:22:46+00:00| seen| https://t.me/canyoupwnme/1426
2018-02-21 07:47:18+00:00| seen| MISP/5a8d2377-208c-4330-908f-4818950d210f
2018-04-13 13:08:50+00:00|...