6275 matches found
SUSE CVE-2017-18898
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...
PT-2026-3353
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...
PT-2026-3336
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby check wp submit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it...
CVE-2025-69581
creationtimestamp | type | source
---|---|---
2026-01-16 23:02:15+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl7ejtlbs2b
2026-01-16 23:52:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mclc6zk6gh2k
...
CVE-2026-23800
creationtimestamp | type | source
---|---|---
2026-01-16 22:00:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl3whskkc2v
2026-01-16 22:00:52+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl3wrinfk2v
2026-01-16 23:57:51+00:00 | seen | ...
CVE-2026-21623
Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...
CVE-2026-21623 Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla
Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...
CVE-2026-21623
The CVE-2026-21623 entry concerns the EasyDiscuss Joomla extension. Affected software: Joomla with the EasyDiscuss component, versions 1.0.0 through 5.0.15. Root cause: lack of input filtering in the forum post handling, enabling a persistent XSS vulnerability. Impact per sources: high confidenti...
CVE-2026-0913
CVE-2026-0913 affects the WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End. It enables Stored Cross-Site Scripting via the usp_access shortcode due to insufficient input sanitization/output escaping on user-supplied attributes. Valid for all versions up to a...
CVE-2026-0913 User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'usp_access' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...
CVE-2026-0913
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'usp_access' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...
CVE-2026-1003
The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delete a specific post. This makes it possible for authenticated attackers, with Author-level access a...
CVE-2026-0916
The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'related_posts_by_tax' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2026-0916 Related Posts by Taxonomy <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode
The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'related_posts_by_tax' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2026-0916
CVE-2026-0916 - WordPress Related Posts by Taxonomy (plugin) The vulnerability is a Stored Cross-Site Scripting (XSS) in the Related Posts by Taxonomy plugin for WordPress, exploitable via the shortcode; it affects all versions up to and including 2.7.6 due to insufficient input sanitization and ...