WordPress StageShow <5.0.9 - Open Redirect

WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshowredirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter. id: CVE-2015-5461 info: name:...

CVE-2026-3349

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVE-2026-27682

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

CVE-2026-4659

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the...

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

EUVD-2026-33885

The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...

PT-2026-45723

Name of the Vulnerable Software and Affected Versions Wirtualna Uczelnia versions prior to wu2016.437.295020260327 105545 Description Server-Side Template Injection SSTI occurs when an unauthenticated attacker injects arbitrary template expressions into the server, which are then executed. This...

CVE-2026-3349

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVE-2026-3349 MinhNhut Link Gateway <= 3.6.1 - Reflected Cross-Site Scripting via 'url' Parameter

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVE-2026-3349

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVE-2026-3349 MinhNhut Link Gateway <= 3.6.1 - Reflected Cross-Site Scripting via 'url' Parameter

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

PT-2026-43636

Name of the Vulnerable Software and Affected Versions MinhNhut Link Gateway versions prior to 3.6.2 Description The MinhNhut Link Gateway plugin for WordPress contains a Reflected Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping of the url paramet...

CVE-2026-47716

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...

CVE-2026-9461

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly...

PT-2026-43193

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Xunzhou Edimax Corporation. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from the parameter submit-url operation of the function formLicence in the file /goform/formLicence, and...

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Xunzhou Edimax Corporation. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from the parameter submit-url operation of the function formAccept in the file /goform/formAccept, and m...

Edimax EW-7438RPn 安全漏洞

Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Xunzhou Edimax. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from the operation of the function formStats in the file /goform/formStats on the parameter submit-url, and could lead t...

CVE-2026-9344 Edimax EW-7438RPn webs formWpsStart stack-based overflow

A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the argument pinCode/wlan-url leads to stack-based buffer overflow. The attack can be executed...