6 matches found
PT-2026-37165
Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 4.9.0; Kirby versions prior to 5.4.0. Description: Missing authorization allows authenticated Panel users to access site, user, and role information without proper permission gating. This occurs because permission settings...
CVE-2025-32430 XWiki Platform contains Reflected XSS vulnerability in two templates
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute...
CVE-2023-48300 Embed Privacy missing escaping for show_all attribute in opt-out shortcode
The Embed Privacy plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via embedprivacyoptout shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user-supplied attribute...
CVE-2022-28789
Unprotected activities in Voice Note prior to version 21.3.51.11 allow attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities...
Voice Note security vulnerability
Voice Note is a voice note-taking software from Samsung South Korea. A security vulnerability exists in Voice Note versions prior to 21.3.51.11, which stems from the presence of unprotected activity. An attacker could exploit the vulnerability to record voice without user interaction. This patch...
Fedora 21 : php-ZendFramework2-2.4.8-1.fc21 (2015-16032)
Zend Framework 2.4.8 Security Update ZF2015-07: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created...