74 matches found
CVE-2026-28415
Gradio prior to 6.6.0 exposes an open redirect in the OAuth flow: _redirect_to_target() accepts an unvalidated _target_url, enabling redirection to arbitrary external URLs via /logout and /login/callback for apps using gr.LoginButton (e.g., Hugging Face Spaces). Starting with 6.6.0, the _target_u...
WordPress Login Logout Register Menu plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Login Logout Register Menu versions = 2.0...
CVE-2026-1099 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes
The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EUVD-2022-51952
Malicious code in bioql PyPI...
EUVD-2025-30742
Malicious code in bioql PyPI...
EUVD-2022-6420
Malicious code in bioql PyPI...
EUVD-2024-32301
Malicious code in bioql PyPI...
EUVD-2025-4215
Malicious code in bioql PyPI...
CVE-2025-53467
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Login-Logout login-logout allows Stored XSS.This issue affects Login-Logout: from n/a through = 3.8...
WordPress Login-Logout Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Login-Logout versions = 3.8...
CVE-2025-53467
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Login-Logout login-logout allows Stored XSS.This issue affects Login-Logout: from n/a through = 3.8...
CVE-2025-53467 WordPress Login-Logout Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Login-Logout login-logout allows Stored XSS.This issue affects Login-Logout: from n/a through = 3.8...
CVE-2025-53467
CVE-2025-53467 is a Stored XSS in WordPress plugin Login-Logout (Login-Logout). The flaw stems from improper neutralization of input during web page generation, enabling attacker-supplied script injection that persists in the page context. According to the CVSS 3.1 data, the vulnerability has a N...
CVE-2025-53467 WordPress Login-Logout Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Login-Logout login-logout allows Stored XSS.This issue affects Login-Logout: from n/a through = 3.8...
PT-2025-39003
Name of the Vulnerable Software and Affected Versions webvitaly Login-Logout versions through 3.8 Description The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious...
WordPress plugin Login-Logout 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-48061
wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...
CVE-2024-33932
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vinod Dalvi Login Logout Register Menu allows Stored XSS.This issue affects Login Logout Register Menu: from n/a through 2.0...
CVE-2023-0552
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability...
CVE-2025-48061 wire-webapp Has Insufficient Session Invalidation after User Logout
wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...