16 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-69993
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup method. This method renders user-supplied input as raw...
Exploit for CVE-2025-69993
Leaflet XSS POC Proof of Concept for CVE-2025-69993 — XSS vul...
CVE-2026-4335
The ShortPixel Image Optimizer WordPress plugin (≤ 6.4.3) is vulnerable to Stored Cross-Site Scripting via the attachment post_title. The root cause is insufficient output escaping in getEditorPopup() and media-popup.php, where the attachment title retrieved from get_post() is inserted into an HT...
CVE-2026-1804
CVE-2026-1804 concerns the WDES Responsive Popup WordPress plugin (versions
CVE-2025-57931
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through <= 5.5.4...
CVE-2025-12134
CVE-2025-12134 affects the ZoloBlocks Gutenberg block plugin for WordPress. All versions up to 2.3.11 lack a capability check in update_popup_status(), enabling unauthenticated users to enable/disable popups (unauthorized data modification). The CVE maps to a Medium severity (CVSS ~5.3). Remediat...
CVE-2025-58921 WordPress WP Tactical Popup plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Tactical Popup wp-tactical-popup allows Reflected XSS. This issue affects WP Tactical Popup: from n/a through <= 1.1...
Linux Distros Unpatched Vulnerability : CVE-2017-2371
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the WebKit component, which allows remote attackers to laun...
SUSE-SU-2024:3157-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Update to Firefox Extended Support Release 128.2.0 ESR bsc1229821 - CVE-2024-8381: Type confusion when looking up a property name in a 'with' block - CVE-2024-8382: Internal event interfaces were exposed to web content when browser...
PT-2024-12559 · Unknown · Bbs E-Popup
Name of the Vulnerable Software and Affected Versions: BBS e-Popup versions 2.4.5 and earlier Description: The issue is related to a Missing Authorization vulnerability in BBS e-Theme BBS e-Popup. Recommendations: For BBS e-Popup versions 2.4.5 and earlier, at the moment, there is no information...
Mozilla: A popup window could be resized in a way to overlay the address bar with web content
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a malicious website that creates a popup that could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks...
AlmaLinux 8 : firefox (ALSA-2022:1705)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:1705 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and...
CVE-2021-23984
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This...
PT-2019-12533 · WordPress · The Hustle
Name of the Vulnerable Software and Affected Versions: The Hustle aka wordpress-popup plugin version 6.0.7 Description: The issue allows for injecting malicious code into a pop-up window, potentially granting an attacker the ability to execute malicious code on the administrator's computer throug...
35mm Slide Gallery - Cross-Site Scripting
35mm Slide Gallery - Cross-Site Scripting | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Web Site : www.iq-ty.com | Script : powered by 35mm Slide Gallery http://www.andymack.com/freescripts/ | Tested on: windows SP2 Français...
Attachment list in popup doesn't escape filenames causing XSS hole
The filenames in the attachment list of the link popup aren't being escaped. If you upload an attachment with a filename including HTML, it could be executed...