
20 matches found

NVD
added 2026/06/10 10:17 p.m., 8 views

CVE-2026-53737

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

CVSS 6.1, EPSS 0.00158
Exploits 0, References 2
Cvelist
added 2026/06/10 8:39 p.m., 28 views

CVE-2026-53737 Juicer through 1.12.18 Stored Cross-Site Scripting via Unescaped API Response

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

CVSS 6.1, EPSS 0.00158
Exploits 0, References 2
Vulnrichment
added 2026/06/10 8:39 p.m., 7 views

CVE-2026-53737 Juicer through 1.12.18 Stored Cross-Site Scripting via Unescaped API Response

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

CVSS 6.1, AI score 5.5, EPSS 0.00158
Exploits 0, References 2
Positive Technologies
added 2026/06/10 12:0 a.m., 12 views

PT-2026-48551

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

CVSS 6.1, AI score 5.5, EPSS 0.00158
Exploits 0, References 3
CNNVD
added 2026/06/10 12:0 a.m., 10 views

WordPress plugin Juicer cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.1, AI score 5.3, EPSS 0.00158
Exploits 0, References 1
RedhatCVE
added 2026/05/23 8:12 a.m., 15 views

CVE-2026-4070

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

CVSS 4.3, AI score 5.9, EPSS 0.00164
Exploits 0, References 1
CVE
added 2026/04/18 3:37 a.m., 14 views

CVE-2026-4801

CVE-2026-4801 affects the WordPress plugin Page Builder Gutenberg Blocks – CoBlocks. It is a stored cross‑site scripting (XSS) vulnerability in the Events block that processes data from external iCal feeds. Root cause: insufficient output escaping of event titles, descriptions, and locations...

CVSS 6.4, AI score 5.9, EPSS 0.00406
Exploits 0, References 13
Patchstack
added 2026/04/07 10:43 a.m., 7 views

WordPress Widgets for Social Photo Feed plugin <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data vulnerability

Unauthenticated Stored Cross-Site Scripting via feed_data vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Widgets for Social Photo Feed versions <= 1.7.9...

CVSS 7.2, AI score 5.9, EPSS 0.00233
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2026/04/05 10:55 a.m., 4 views

CVE-2026-5425

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 7.2, AI score 6.1, EPSS 0.00233
Exploits 0, References 1
Cvelist
added 2026/04/04 8:25 a.m., 19 views

CVE-2026-5425 Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 7.2, EPSS 0.00233
Exploits 0, References 3
ATTACKERKB
added 2026/04/04 8:25 a.m., 1 views

CVE-2026-5425

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 7.2, AI score 6.1, EPSS 0.00233
Exploits 0, References 4
CVE
added 2026/04/04 8:25 a.m., 17 views

CVE-2026-5425

The CVE-2026-5425 entry concerns the WordPress Widgets for Social Photo Feed plugin. A stored XSS vulnerability exists in all versions up to 1.7.9, caused by insufficient input sanitization and output escaping in the feed_data parameter keys. Impact: unauthenticated attackers can inject arbitrary...

CVSS 7.2, AI score 6.1, EPSS 0.00233
Exploits 0, References 3
Positive Technologies
added 2026/04/04 12:0 a.m., 4 views

PT-2026-30317

Name of the Vulnerable Software and Affected Versions: Widgets for Social Photo Feed plugin for WordPress versions up to and including 1.7.9. Description: The Widgets for Social Photo Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the feed data parameter keys due to...

CVSS 7.2, AI score 5.9, EPSS 0.00233
Exploits 0, References 6
CNNVD
added 2026/04/04 12:0 a.m., 9 views

WordPress plugin Widgets for Social Photo Feed cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 7.2, AI score 5.6, EPSS 0.00233
Exploits 0, References 3
NVD
added 2025/09/29 9:15 p.m., 3 views

CVE-2025-54591

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

CVSS 7.5, EPSS 0.00389
Exploits 1, References 3
RedHat Linux
added 2025/06/25 2:13 p.m., 6 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

CVSS 9.1, AI score 7.1, EPSS 0.00682
Exploits 0, References 8
RedHat Linux
added 2025/06/09 10:18 a.m., 9 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

CVSS 9.1, AI score 7.1, EPSS 0.00682
Exploits 0, References 8
Circl
added 2021/10/29 6:59 p.m., 13 views

CVE-2021-34484

creationtimestamp | type | source
---|---|---
2021-10-29 18:59:00+00:00 | exploited | https://t.me/truesecator/2270
2021-10-29 22:19:37+00:00 | published-proof-of-concept | https://t.me/hackertrick/363
2021-10-30 14:34:03+00:00 | exploited | https://t.me/NeKaspersky/1395
2021-11-10 23:12:02+00:00 | ...

CVSS 7.8, AI score 7.3, EPSS 0.14393
Exploits 2, References 14
CNVD
added 2017/05/22 12:0 a.m., 4 views

Google I/O 2017 application for Android has an unspecified vulnerability

Google I/O 2017 application for Android is a conference management application for Google's annual I/O conference based on the Android platform developed by Google USA. A security vulnerability exists in versions of the Google I/O 2017 application for Android-based platforms prior to 5.1.4, due t...

CVSS 5.9, AI score 6.7, EPSS 0.00263
Exploits 1, References 1
Circl
added 2017/05/09 6:26 p.m., 13 views

CVE-2017-0263

creationtimestamp | type | source
---|---|---
2017-05-09 18:26:18+00:00 | seen | MISP/59120865-27e0-4e6d-9b74-4a9f950d210f
2017-05-20 11:22:46+00:00 | seen | https://t.me/canyoupwnme/1426
2018-02-21 07:47:18+00:00 | seen | MISP/5a8d2377-208c-4330-908f-4818950d210f
2018-04-13 13:08:50+00:00 | ...

CVSS 7.8, AI score 7.3, EPSS 0.10034
Exploits 4, References 9