1123438 matches found
EUVD-2026-33889
The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2026-1450
The rognone WordPress plugin is affected by a Reflected XSS via the 'mode' parameter in versions up to and including 0.6.2, caused by insufficient input sanitization and output escaping. Unauthenticated attackers can exploit this if a user is tricked into a action link. A fix is available in late...
CVE-2026-1450 rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'mode' Parameter
The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2026-1450 rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'mode' Parameter
The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2026-2382
The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpwfsgetfile' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2382
The FPW Category Thumbnails plugin for WordPress is affected by a Stored Cross-Site Scripting (Stored XSS) issue in all versions up to and including 1.9.5. The vulnerability arises from insufficient input sanitization and output escaping in the id parameter of the fpw_fs_get_file AJAX action, all...
CVE-2026-2382 FPW Category Thumbnails <= 1.9.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'id' Parameter
The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpwfsgetfile' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-33885
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...
CVE-2026-4081
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...
CVE-2026-4081
The CVE concerns the ZeM STL plugin for WordPress, affected in all versions up to 1.0. The vulnerability is a Stored Cross-Site Scripting (XSS) via the [zemstl] shortcode caused by insufficient input sanitization and output escaping of user-supplied shortcode attributes, specifically 'url' , 'col...
Security Bulletin: Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary Security Vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected ...
CVE-2026-45580
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a stored cross-site scripting vulnerability. The Live plugin's "YouTube-style" view renders the live transmission's stream key into an HTML class attribute by raw echo, without htmlspecialchars. A canStream user can persi...
CVE-2026-3722
The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-10567
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
CVE-2026-10510
Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...
CVE-2026-10100
The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields Page Background, Form Background, Text Color, Link Color in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values th...
CVE-2026-10529
A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can...
CVE-2026-10567
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
EUVD-2026-33875
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
CVE-2026-10567 1Panel-dev CordysCRM ModuleFormController ModuleFormService.java save cross site scripting
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...