162 matches found
CVE-2026-9591 Cross-Site Request Forgery (CSRF) in SimplCommerce News Module
Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...
CVE-2026-11975
CVE-2026-11975: In SimplCommerce, stored XSS occurs in the NewsItemApiController before commit 6142d3b5, allowing an authenticated administrator to inject JavaScript via ShortContent and FullContent that are stored without HTML sanitization and rendered with Html.Raw(). Affected: News module adm...
CVE-2022-50966
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...
EUVD-2010-4628
Malware in sbrugna...
EUVD-2004-2012
Malware in sbrugna...
EUVD-2005-4633
Malware in sbrugna...
EUVD-2005-4258
Malware in sbrugna...
EUVD-2005-0675
Malware in sbrugna...
EUVD-2008-4337
Malware in sbrugna...
EUVD-2012-1322
Malware in sbrugna...
EUVD-2013-3459
Malware in sbrugna...
EUVD-2014-2284
Malware in sbrugna...
EUVD-2012-4817
Malware in sbrugna...
EUVD-2008-2085
Malware in sbrugna...
EUVD-2005-4257
Malware in sbrugna...
EUVD-2022-2808
Malicious code in bioql PyPI...
EUVD-2021-28115
Malicious code in bioql PyPI...
CVE-2025-57757 Contao discloses information in the news module
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...
CVE-2025-57757
Contao CMS vulnerability CVE-2025-57757: In Contao versions prior to 5.3.38 and 5.6.1, protected news archives in the news feed are not filtered, causing confidential items to appear in the RSS feed. This is patched in 5.3.38 and 5.6.1. Workaround: do not include protected archives in the feed. A...
GHSA-W53M-GXVG-VX7P Contao can disclose sensitive information in the news module
Impact: If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. Patches: Update to Contao 5.3.38 or 5.6.1. Workarounds: Do not add protected news archives to the news feed page. For more information: If you have any questions o...