161 matches found
Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
Multiple cross-site scripting vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. id: CVE-2014-45...
Important: Red Hat Security Advisory: Release of components for Service Telemetry Framework 1.5.7
Release of components for the Service Telemetry Framework. Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat...
Amazon Linux 2 : python-jwcrypto, --advisory ALAS2-2026-3254 (ALAS-2026-3254)
The version of python-jwcrypto installed on the remote host is prior to 0.4.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3254 advisory. JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker...
OPENSUSE-SU-2026:10576-1 python311-jwcrypto-1.5.7-2.1 on GA media
These are all security issues fixed in the python311-jwcrypto-1.5.7-2.1 package on the GA media of openSUSE Tumbleweed...
WordPress Featured Post Creative plugin <= 1.5.7 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin Featured Post Creative versions <= 1.5.7...
PYSEC-2026-70
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...
DEBIAN-CVE-2026-39373
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...
CVE-2026-39373 JWCrypto: JWE ZIP decompression bomb
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...
CVE-2026-39373
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...
CVE-2025-69096
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Zorka zorka allows Reflected XSS. This issue affects Zorka: from n/a through <= 1.5.7...
CVE-2025-69096 WordPress Zorka theme <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Zorka zorka allows Reflected XSS. This issue affects Zorka: from n/a through <= 1.5.7...
CVE-2025-69404
Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection. This issue affects Extreme Store: from n/a through <= 1.5.7...
CVE-2025-69404
CVE-2025-69404 affects ThemeREX Extreme Store extremestore (WordPress theme) with deserialization of untrusted data leading to PHP object injection. Affected versions are Extreme Store: from n/a through
PT-2026-21185
Name of the Vulnerable Software and Affected Versions ThemeREX Extreme Store versions through 1.5.7 Description A flaw exists in ThemeREX Extreme Store that allows for object injection due to deserialization of untrusted data. This condition can be exploited by an attacker to potentially compromi...
CVE-2026-1649
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce_venue_name' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2026-1649 Community Events <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce_venue_name' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2026-1649
CVE-2026-1649 : The WordPress Community Events plugin is affected by a Stored Cross-Site Scripting vulnerability via the ce_venue_name parameter in all versions up to 1.5.7. Exploitation requires administrator-level access or higher to inject scripts that run on page views. The issue is due to in...
WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget vulnerability
WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions <= 1.5.7...