CVE-2026-28794

oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject...

CVE-2026-28794 oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization

oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject...

CVE-2026-28794 oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization

oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject...

CVE-2026-28794 oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization

oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject...

CVE-2024-47366

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through = 1.13.6...

CVE-2024-47361

Missing Authorization vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.This issue affects Elementor Addon Elements: from n/a through = 1.13.6...

CVE-2024-47361

Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a through 1.13.6...

WordPress plugin Elementor Addon Elements 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

CVE-2024-47366

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through = 1.13.6...

PT-2024-32583 · WordPress · Wpvibes Elementor Addon Elements

Name of the Vulnerable Software and Affected Versions: WPVibes Elementor Addon Elements versions 1.13.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

WordPress Elementor Addon Elements plugin <= 1.13.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Elementor Addon Elements versions = 1.13.6...

WordPress Elementor Addon Elements Plugin <= 1.13.6 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.13.6 Fixed in 1.13.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47366 Patch priority Low CVSS severity Low 6.5 Developer WPVibes PSID e5b93a793554 Credits João Pedro S Alcântara Kinorth...

PT-2024-38091 · WordPress · Elementor Addon Elements

Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.6 Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets due to insufficient input...

Cilium Security Vulnerabilities

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads, such as application containers or processes. Cilium suffers from a security vulnerability that stems from allowing an attacker to conduct a deni...

CVE-2022-42011 affecting package dbus 1.13.6-5

CVE-2022-42011 affecting package dbus 1.13.6-5. A patched version of the package is available...

CVE-2022-42010 affecting package dbus 1.13.6-5

CVE-2022-42010 affecting package dbus 1.13.6-5. A patched version of the package is available...

CVE-2022-42012 affecting package dbus 1.13.6-5

CVE-2022-42012 affecting package dbus 1.13.6-5. A patched version of the package is available...

Input validation

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors segfault or reads from unrelated memory. Version 1.13.6...

PT-2022-7289

Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.13.6 Description The issue is related to the incorrect handling of unexpected data types in the Nokogiri library for Ruby. This can allow a remote attacker to disclose protected information or cause a denial of...

Nokogiri 安全漏洞

Nokogiri is a software library for parsing HTML and XML in Ruby.A denial of service vulnerability exists in versions of Nokogiri prior to 1.13.6.The source of the vulnerability fails to type-check all input to the XML and HTML4 SAX parsers, which could be exploited by an attacker to trigger a...