4433 matches found
CVE-2026-1644 WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
CVE-2026-1644
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
CVE-2026-1644 WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
CVE-2026-28126
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through 4.3.4...
Malicious Package
Overview mozilla-addons-frontend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
PT-2026-23760
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update action' function. This makes it possible for unauthenticated attackers to approve or reject user account...
EUVD-2026-9778
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through = 4.3.2...
CVE-2026-28126
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through 4.3.4...
CVE-2026-28126
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sizam RH Frontend Publishing Pro allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a before 4.3.4...
CVE-2026-28126 WordPress RH Frontend Publishing Pro plugin < 4.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sizam RH Frontend Publishing Pro allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a before 4.3.4...
CVE-2026-28126
CVE-2026-28126 is a Reflected XSS in the RH Frontend Publishing Pro plugin (rh-frontend) for WordPress. Description and Red Hat/WordPress sources indicate improper neutralization of input during web page generation, enabling reflected XSS for RH Frontend Publishing Pro versions up to affected bui...
CVE-2026-28126 WordPress RH Frontend Publishing Pro plugin < 4.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through 4.3.4...
WordPress plugin rh-frontend 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-23398
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through = 4.3.2...
@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +115 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)
dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...
Cross-site Scripting (XSS)
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting XSS via the v-html due to the lack of sanitization. An attacker with Editor role can execute arbitrary scripts in the context of a user's browser by storing malicious content in rich text cells...
Cross-site Scripting (XSS)
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting XSS via the CommentsService component, which uses v-html without proper sanitization. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted inp...
Cross-site Scripting (XSS)
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Comment.insert function that that lacks sanitization for stored HTML. An attacker can execute arbitrary JavaScript code in the context of the user's browser by submitting crafted input...
CVE-2026-28286
ZimaOS 1.5.2-beta3 is affected: the UI blocks file/folder creation in internal paths, but the API bypasses this validation, allowing arbitrary file/directory creation in sensitive dirs (e.g., /etc, /usr) via crafted requests. Root cause is improper API path validation, enabling path traversal-lik...
CVE-2026-3327
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...