Lucene search

31 matches found

Cvelist
added 2026/05/19 10:26 p.m., 30 views

CVE-2026-6095 Orejime - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-032

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before 2.0.16...

0.00033 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/05/19 12:0 a.m., 7 views

Drupal Orejime cross-site scripting vulnerability

Drupal Orejime is a Drupal privacy and cookie consent management module developed by the Drupal company. Versions of Drupal Orejime prior to 2.0.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, which could le...

6.1 CVSS, 5.6 AI score, 0.00033 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 3:10 p.m., 2 views

CVE-2026-32100

Shopware is an open commerce platform. /api/info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...

5.3 CVSS, 5.8 AI score, 0.00041 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 3:7 p.m., 3 views

CVE-2026-31822

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

6.1 CVSS, 5.6 AI score, 0.00051 EPSS
Exploits: 0, References: 1

Snyk
added 2026/03/11 12:12 a.m., 3 views

Authorization Bypass Through User-Controlled Key

Overview: sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via unvalidated resource IDs accepted through LiveArg parameters in multiple LiveComponents. An attacker can access...

7.1 CVSS, 5.9 AI score, 0.00021 EPSS
Exploits: 0, References: 2

OSV
added 2026/03/10 9:27 p.m., 2 views

CVE-2026-31822 Sylius has an XSS vulnerability in checkout login form

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

5.3 CVSS, 5.6 AI score, 0.00051 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/03/10 12:0 a.m., 3 views

Sylius security vulnerability

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius, which stems from unvalidated resource IDs in multiple stores using LiveComponents. This vulnerability may lead to insecure direct objec...

7.1 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/01/18 10:10 p.m., 4 views

CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

6.4 CVSS, 6 AI score, 0.00113 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-4086

Malware in sbrugna...

6.5 CVSS, 6.5 AI score, 0.00362 EPSS
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2023-1467

Malicious code in bioql PyPI...

7.5 CVSS, 6.7 AI score, 0.00215 EPSS
Exploits: 0, References: 4

OSV
added 2025/07/09 12:0 a.m., 1 views

OPENSUSE-SU-2025:15334-1 libraptor-devel-2.0.16-5.1 on GA media

These are all security issues fixed in the libraptor-devel-2.0.16-5.1 package on the GA media of openSUSE Tumbleweed...

5.5 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 9:57 a.m., 4 views

CVE-2024-2579

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager. This issue affects Tracking Code Manager: from n/a through 2.0.16...

5.9 CVSS, 8.6 AI score, 0.00123 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:29 a.m., 7 views

CVE-2023-2666

Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16...

7.5 CVSS, 6.8 AI score, 0.00215 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/04/24 12:0 a.m., 2 views

WordPress plugin My Tickets – Accessible Event Ticketing security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

8.8 CVSS, 8.5 AI score, 0.00152 EPSS
Exploits: 0, References: 2

CNVD
added 2024/08/09 12:0 a.m., 9 views

Microweber add_tagging_tagged.php file cross-site scripting vulnerability

Microweber is an open-source online store management system with drag-and-drop functionality. The system includes modules for adding products, images and more. Microweber version 2.0.16 has a cross-site scripting vulnerability; the vulnerability stems from...

6.1 CVSS, 6.6 AI score, 0.01293 EPSS
Exploits: 1, References: 1

CNNVD
added 2024/08/05 12:0 a.m., 4 views

microweber security vulnerability

Microweber is an open-source online store management system with drag-and-drop functionality. The system includes modules for adding products, images and more. Microweber version 2.0.16 has a cross-site scripting vulnerability; the vulnerability stems from...

6.1 CVSS, 6.4 AI score, 0.0119 EPSS
Exploits: 1, References: 2

Patchstack
added 2024/05/17 12:0 a.m., 6 views

WordPress Post Grid Elementor Addon Plugin <= 2.0.16 is vulnerable to Cross Site Scripting (XSS)

Software: Post Grid Elementor Addon; Type: Plugin; Vulnerable versions: <= 2.0.16; Fixed in: 2.0.17; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34789; Patch priority: Low; CVSS severity: Low (6.5); PSID: a126fad23f02; Credits: 4rCanJ0x!; Required privile...

6.5 CVSS, 6.6 AI score, 0.00156 EPSS
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2024/03/21 12:0 a.m., 5 views

PT-2024-21136 · Data443 · Data443 Tracking Code Manager

Name of the Vulnerable Software and Affected Versions: Data443 Tracking Code Manager versions n/a through 2.0.16. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for the injection of malicious scripts...

5.9 CVSS, 9.7 AI score, 0.00123 EPSS
Exploits: 0, References: 5

OSV
added 2023/10/02 8:15 p.m., 1 views

UBUNTU-CVE-2023-3592

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types...

7.5 CVSS, 7.1 AI score, 0.00065 EPSS
Exploits: 0, References: 5

UbuntuCve
added 2023/09/01 4:15 p.m., 24 views

CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5 CVSS, 7 AI score, 0.00118 EPSS
Exploits: 0, References: 7