19 matches found
CVE-2026-3897
The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...
EUVD-2026-31986
A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...
CVE-2026-39218
creationtimestamp | type | source
---|---|---
2026-05-08 18:19:08+00:00 | seen | https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f...
NLTK 3.9.2 Path Traversal / File Disclosure
NLTK version 3.9.2 suffers from a path traversal vulnerability that allows for file disclosure. Title: NLTK 3.9.2 Path Traversal - File Disclosure Exploit | Auth...
CVE-2021-22291 EIBPORT Reflected XSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM. This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2...
CVE-2021-22291 EIBPORT Reflected XSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM. This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2...
PT-2025-40993
Name of the Vulnerable Software and Affected Versions: ABB EIBPORT V3 KNX versions prior to 3.9.2; ABB EIBPORT V3 KNX GSM versions prior to 3.9.2. Description: An issue exists in ABB EIBPORT V3 KNX and ABB EIBPORT V3 KNX GSM related to improper neutralization of input during web page generation, whic...
WordPress plugin Metform code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress Next-Cart Store to WooCommerce Migration plugin <= 3.9.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Next-Cart Store to WooCommerce Migration versions <= 3.9.2...
AZL-43774 CVE-2024-23829 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
PYSEC-2024-24
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symboli...
CVE-2022-43923
creationtimestamp | type | source
---|---|---
2023-02-24 18:19:27+00:00 | seen | https://t.me/cibsecurity/58880...
Xen security vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen...
CVE-2022-39238
creationtimestamp | type | source
---|---|---
2022-09-23 12:13:17+00:00 | seen | https://t.me/cibsecurity/50311...
UBUNTU-CVE-2020-25627
The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2...
UBUNTU-CVE-2020-25703
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10...
PT-2020-16161 · Moodle +1
Name of the Vulnerable Software and Affected Versions: moodle versions 3.5 to 3.5.14; moodle versions 3.7 to 3.7.8; moodle versions 3.8 to 3.8.5; moodle versions 3.9 to 3.9.2. Description: Insufficient capability checks in moodle could lead to users with the ability to course restore adding additiona...
PT-2020-8449
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 4.0.0; Mattermost Server versions 3.10.2 and earlier; Mattermost Server versions 3.9.2 and earlier. Description: An issue allows CSRF to occur if CORS is enabled. Recommendations: For versions prior to 4.0.0,...
CVE-2002-2392
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code...