15 matches found
CVE-2026-28075
The CVE-2026-28075 entry concerns the WordPress Porto theme (Porto Porto) with a Reflected XSS vulnerability in Porto versions up to 7.6.2. The issue is described as Improper Neutralization of Input During Web Page Generation, enabling reflected cross-site scripting. Affected product: Porto theme...
CVE-2026-28075 WordPress Porto theme <= 7.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto porto allows Reflected XSS. This issue affects Porto: from n/a through <= 7.6.2...
Fortinet FortiOS Security Fabric Security Vulnerability
Fortinet FortiOS Security Fabric is a network security platform from Fortinet, Inc. A security vulnerability exists in Fortinet FortiOS Security Fabric versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all, 7.0 all, and 6.4 all, which stems from an improper assignment of privileges and could...
WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.2.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Admin and Site Enhancements (ASE) Pro versions <= 7.6.2.1...
WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Admin and Site Enhancements (ASE) versions <= 7.6.2...
PT-2025-5473 · Unknown · Admin/Site Enhancements
Name of the Vulnerable Software and Affected Versions: Admin and Site Enhancements ASE versions n/a through 7.6.2 Description: The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For...
GHSA-94CC-XJXR-PWVF DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...
WordPress LifterLMS plugin <= 7.6.2 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability
Authenticated (Contributor+) SQL Injection via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin LifterLMS versions <= 7.6.2...
DEBIAN-CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
PT-2021-18762 · Telegram · Telegram
Name of the Vulnerable Software and Affected Versions: Telegram app version 7.6.2 for iOS Description: The issue allows remote authenticated users to cause a denial of service, resulting in an application crash, if the victim pastes an attacker-supplied message, such as one in the Persian languag...
CVE-2019-4349
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromise the confidentiality and integrity of the service. IBM X-Force ID: 161486...
IBM Maximo Anywhere Information Disclosure Vulnerability (CNVD-2020-27942)
IBM Maximo Anywhere is a suite of next-generation mobile solutions from IBM USA built on the IBM Worklight platform. The solution supports remote access to IBM Maximo Asset Management a comprehensive asset lifecycle and maintenance management solution workflow and asset management via mobile...
PT-2020-19334 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 6.7.0 through 6.8.7 Elasticsearch versions 7.0.0 through 7.6.1 Description: The issue is related to a privilege escalation flaw in Elasticsearch. If an attacker can create API keys, they can perform a series of steps to...
CloudBees Jenkins Stored Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. LTS is a long-term support for...
CVE-2018-0389
A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is du...