571 matches found
CVE-2026-3492
The Gravity Forms WordPress plugin (all versions up to 2.9.28.1) is vulnerable to Stored XSS due to a trio of issues: (1) missing authorization on the create_from_template AJAX endpoint allowing any authenticated user to create forms, (2) insufficient input sanitization where sanitize_text_field(...
CVE-2026-3492
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...
GHSA-9FFX-F77R-756W Sylius has an Open Redirect via Referer Header
Impact CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate application link placed on an attacker-controlled page. Th...
Sylius has an Open Redirect via Referer Header
Impact CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate application link placed on an attacker-controlled page. Th...
PT-2026-24658
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the create from template AJAX endpoint allowing any authenticated user to create forms,...
CVE-2026-31819
Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate...
CVE-2026-31819 Sylius has an Open Redirect via Referer Header
Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate...
CVE-2026-31819 Sylius has an Open Redirect via Referer Header
Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.31)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15443481...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.31)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15443478...
CVE-2025-11598
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
CVE-2025-11598
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
CVE-2025-11598
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
CVE-2025-11598
The CVE-2025-11598 entry describes a vulnerability in the mObywatel iOS app where an unauthorized user can use the App Switcher to view the account owner’s personal information in the minimized app window after the login session has ended. The data exposed depends on the last application view sho...
CVE-2025-11598 Exposure of Confidential Information in mObywatel application
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
CVE-2025-11598 Exposure of Confidential Information in mObywatel application
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
EUVD-2025-206765
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
PT-2026-5872
Name of the Vulnerable Software and Affected Versions mObywatel versions prior to 4.71.0 Description An unauthorized user can view an account owner's personal information in the minimized application window using the App Switcher, even after the login session has ended. Reopening the application...
Ministerstwo Cyfryzacji mObywatel 安全漏洞
Ministerstwo Cyfryzacji mObywatel is a national digital identity and government services application developed by the Polish Ministry of Digital Affairs. Versions of Ministerstwo Cyfryzacji mObywatel prior to version 4.71.0 contained a security vulnerability. This vulnerability allowed unauthoriz...
WordPress Elegant Addons for elementor plugin <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets vulnerability discovered by stealthcopter in WordPress Plugin Elegant Addons for elementor versions = 1.0.8...