CVE-2026-8599

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...

CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

DRUPAL-CONTRIB-2025-004

The AI logging sub-module enables you to log AI requests and responses for debugging and auditing purposes. The module doesn't sufficiently check for access to view the preview listing of the logs. Full log details are correctly protected, and API keys are never logged. This vulnerability is...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud Deck 1.8.2 that stems from the fact that when obtaining a reference preview of a Deck card t...

PT-2022-25151 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.3 through 7.4.3.34 Liferay DXP versions 7.3 before update 10 Liferay DXP versions 7.4 before update 35 Description: The Layout module in Liferay Portal does not check user permission before showing the preview of a...