203 matches found
CVE-2026-9862
creationtimestamp| type| source ---|---|--- 2026-06-15 16:30:14+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3modpfnfc6n2a 2026-06-15 16:30:18+00:00| seen| https://infosec.exchange/users/offseq/statuses/116755071710658685 2026-06-15 16:42:13+00:00| seen|...
Agentic AI security: Why you need to know about autonomous agents now
Agentic AI is making headlines worldwide for its potential force-multiplying capabilities, and organizations are understandably intrigued by how it can improve throughput and capabilities. However, as with any technological revolution, unforeseen issues are inevitable, and agentic AI is no...
CVE-2026-3228 NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxsfbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...
WordPress plugin NextScripts: Social Networks Auto-Poster 跨站脚本漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin NextScripts: Social Network...
CVE-2026-27379
Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through = 4.4.7...
CVE-2025-55208
Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...
CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files
Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...
CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files
Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...
CVE-2025-55208
Summary: CVE-2025-55208 affects Chamilo LMS prior to 1.11.34. A Stored XSS via insecure file uploads in the Social Networks feature allows a low-privilege user to execute arbitrary code in the admin inbox, enabling admin account takeover. The issue is fixed in version 1.11.34. The provided metric...
CVE-2026-27379
Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through = 4.4.7...
CVE-2026-27379
CVE-2026-27379 concerns the WordPress plugin NextScripts: Social Networks Auto-Poster (v
PT-2026-23510
Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34 Description Chamilo, a learning management system, contains a Stored Cross-Site Scripting XSS issue stemming from insecure file uploads within the Social Networks feature. A user with limited privileges can...
Hybrid IDS Using Signature-Based and Anomaly-Based Detection
Intrusion detection systems IDS are essential for protecting computer systems and networks against a wide range of cyber threats that continue to evolve over time. IDS are commonly categorized into two main types, each with its own strengths and limitations, such as difficulty in detecting...
CVE-2025-11826
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11826
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11826 WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11826
CVE-2025-11826 involves the WP Company Info plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the class attribute of the social-networks shortcode, affecting all versions up to 1.9.0. Exploitation requires authenticated access at contributor level or higher, allow...
EUVD-2025-198384
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11826 WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2025-47706
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...