61 matches found
EUVD-2026-39950
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...
CVE-2026-11783
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...
GO-2026-5370 SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode in github.com/siyuan-note/siyuan/kernel
SiYuan has broken access control in /api/search/searchAsset,searchTag,searchWidget,searchTemplate publish-mode in github.com/siyuan-note/siyuan/kernel...
poc-wondercms-360-xss
CVE — WonderCMS 3.6.0 Stored XSS via Search Widget Severity...
CVE-2026-45148
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...
CVE-2025-13840
CVE-2025-13840 — Bukazu Search Widget (WordPress) Vulnerability: Stored XSS via the shortcodes attribute of bukazu_search. Exploitation requires authentication at Contributor level or higher. Impact: injected scripts execute when users load the affected page. Affected versions: all versions up to...
CVE-2025-13840 BUKAZU Search widget <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute
The BUKAZU Search widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortcode' parameter of the 'bukazusearch' shortcode in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
WordPress plugin BUKAZU Search widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress BUKAZU Search widget plugin <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin BUKAZU Search widget versions = 3.3.2...
Minor update(3) for Vivaldi Android Browser 7.7
Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the second 7.7 minor update: RegressionTablet Does not...
CVE-2025-43823
CVE-2025-43823 is an XSS vulnerability in the Liferay Commerce Search Result widget. A crafted payload injected into a Commerce Product’s Name field can execute arbitrary script in affected environments. Affected products/versions include Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q4 bef...
EUVD-2024-43309
Malicious code in bioql PyPI...
EUVD-2023-47006
Malicious code in bioql PyPI...
EUVD-2025-28334
Malicious code in bioql PyPI...
EUVD-2025-29663
Malicious code in bioql PyPI...
EUVD-2024-43307
Malicious code in bioql PyPI...
CVE-2025-43804
Cross-site scripting XSS vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allows remote attackers to inject arbitrary web script or HTML via the comliferayportalsearchwebportletSearchPortletuserId parameter...
GHSA-CCRC-5VP5-VP5J Liferay search widget vulnerable to Cross-site Scripting
There is a Cross-site scripting XSS vulnerability in Liferay Portal's Search widget . Versions 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allow remote attackers to inject arbitrary web scripts or HTML via the...
Liferay search widget vulnerable to Cross-site Scripting
There is a Cross-site scripting XSS vulnerability in Liferay Portal's Search widget . Versions 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allow remote attackers to inject arbitrary web scripts or HTML via the...
CVE-2025-43804
Cross-site scripting XSS vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allows remote attackers to inject arbitrary web script or HTML via the comliferayportalsearchwebportletSearchPortletuserId parameter...