WordPress Page Title Splitter plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Page Title Splitter versions = 2.5.9...

PT-2025-54325

Name of the Vulnerable Software and Affected Versions Chris Steman Page Title Splitter versions through 2.5.9 Description The software contains a flaw related to improper input handling during web page generation, specifically a Cross-site Scripting XSS issue. This allows for Stored XSS attacks,...

WordPress plugin Page Title Splitter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a dual-split clock rate readback that does not include a P-splitter offset, which could result in an incorrect o...

EUVD-2021-24991

Malware in sbrugna...

EUVD-2006-1332

Malware in sbrugna...

EUVD-2005-1623

Malware in sbrugna...

EUVD-2021-24997

Malware in sbrugna...

LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing

The HTMLSectionSplitter class in langchain-text-splitters is vulnerable to XML External Entity XXE attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSLT without any...

CVE-2025-6985

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity XXE attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSL...

CVE-2025-6985

The CVE-2025-6985 entry concerns LangChain Text Splitters (langchain-text-splitters) v0.3.8, with an XML External Entity (XXE) risk due to unsafe XSLT parsing. The connected docs explain that arbitrary XSLT stylesheets are parsed using lxml.etree.parse() and lxml.etree.XSLT() without hardening, a...

CVE-2025-6985 XXE Vulnerability in langchain-ai/langchain

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity XXE attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSL...

EUVD-2025-9466

Malicious code in bioql PyPI...

Malicious code in node-red-contrib-flows_splitter (npm)

The package node-red-contrib-flowssplitter was found to contain malicious code...

LangChain HTMLSectionSplitter – XXE caused by unsafe XSLT parsing

This report is not public...

Malicious code in postcss-query-splitter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 482056a290c2c7a8615aef0f11b620222670aabd908e5617a0609041849458f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5201 Malicious code in postcss-query-splitter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 482056a290c2c7a8615aef0f11b620222670aabd908e5617a0609041849458f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-31089

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Fahad Mahmood Order Splitter for WooCommerce woo-order-splitter allows SQL Injection.This issue affects Order Splitter for WooCommerce: from n/a through = 5.3.0...

CVE-2025-31089

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Fahad Mahmood Order Splitter for WooCommerce woo-order-splitter allows SQL Injection.This issue affects Order Splitter for WooCommerce: from n/a through = 5.3.0...

CVE-2025-31089 WordPress Order Splitter for WooCommerce plugin <= 5.3.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Fahad Mahmood Order Splitter for WooCommerce woo-order-splitter allows SQL Injection.This issue affects Order Splitter for WooCommerce: from n/a through = 5.3.0...