
28 matches found

Vulnrichment
added 2026/01/18 10:10 p.m. · 3 views

CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

CVSS 6.4 · AI score 6 · EPSS 0.00113
Exploits 0 · References 1

Cvelist
added 2026/01/18 10:10 p.m. · 16 views

CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

CVSS 6.4 · EPSS 0.00113
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-3245

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.00656
Exploits 1 · References 3

NVD
added 2025/03/27 11:15 a.m. · 4 views

CVE-2025-30818

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge jalbum-bridge allows DOM-Based XSS. This issue affects jAlbum Bridge: from n/a through = 2.0.17...

CVSS 6.5 · EPSS 0.00532
Exploits 0 · References 1

CNNVD
added 2024/06/11 12:0 a.m. · 1 views

WordPress plugin Radcliffe security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...

CVSS 5.3 · AI score 6.8 · EPSS 0.00206
Exploits 0 · References 3

OSV
added 2024/06/09 12:15 p.m. · 0 views

CVE-2024-31243

Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a through 2.0.17...

CVSS 7.5 · AI score 7.3 · EPSS 0.0027
Exploits 0 · References 1

Positive Technologies
added 2024/06/09 12:0 a.m. · 2 views

PT-2024-23885 · Unknown · Bricksforge

Name of the Vulnerable Software and Affected Versions: Bricksforge versions from n/a through 2.0.17
Description: The issue is related to a Missing Authorization vulnerability in Bricksforge. This vulnerability could potentially impact systems using the affected versions.
Recommendations: For...

CVSS 7.5 · AI score 9.3 · EPSS 0.0027
Exploits 0 · References 8

CNNVD
added 2024/06/09 12:0 a.m. · 0 views

WordPress plugin Bricksforge security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 7.5 · AI score 6.7 · EPSS 0.0027
Exploits 0 · References 2

Patchstack
added 2024/06/06 9:17 a.m. · 2 views

WordPress Radcliffe 2 theme <= 2.0.17 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Theme Radcliffe 2 versions <= 2.0.17...

CVSS 5.3 · AI score 7 · EPSS 0.00206
Exploits 0 · Affected Software 1

Positive Technologies
added 2024/04/10 12:0 a.m. · 3 views

PT-2024-23884 · Unknown · Bricksforge

Name of the Vulnerable Software and Affected Versions: Bricksforge versions 2.0.17 and earlier
Description: A Missing Authorization issue has been identified. This issue affects the authorization mechanism, potentially allowing unauthorized access.
Recommendations: For versions 2.0.17 and earlier...

CVSS 5.3 · AI score 9.4 · EPSS 0.00166
Exploits 0 · References 3

Patchstack
added 2024/04/05 5:28 a.m. · 2 views

WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Setting Deletion vulnerability

Unauthenticated Arbitrary WordPress Setting Deletion vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Bricksforge versions <= 2.0.17...

CVSS 7.5 · AI score 7 · EPSS 0.0027
Exploits 0 · Affected Software 1

Patchstack
added 2024/04/05 5:25 a.m. · 3 views

WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability

Unauthenticated Arbitrary Email Sending vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Bricksforge versions <= 2.0.17...

CVSS 5.3 · AI score 7 · EPSS 0.00166
Exploits 0 · Affected Software 1

CNNVD
added 2024/02/21 12:0 a.m. · 1 views

He3 Security breaches

He3 is a developer toolkit. A security vulnerability exists in He3 version 2.0.17 that originates from allowing remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

CVSS 9.8 · AI score 7.8 · EPSS 0.02401
Exploits 0 · References 4

Positive Technologies
added 2024/02/21 12:0 a.m. · 2 views

PT-2024-20844 · He3 App · He3 App

Name of the Vulnerable Software and Affected Versions: He3 App for macOS version 2.0.17
Description: An issue in He3 App for macOS allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
Recommendations: For He3 App for macOS version 2.0.17,...

CVSS 9.8 · AI score 7.4 · EPSS 0.02401
Exploits 0 · References 7

Snyk
added 2022/09/29 1:47 p.m. · 1 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the startdocument function in psychemitter.c. Passing in a malicious tags array can trigger a crash. PoC: ruby require 'Psych' $tags = puts "+ Start" f = File.new"newfile", "w+" emitter = Psych::Emitter.new...

CVSS 9.8 · AI score 7 · EPSS 0.13462
Exploits 3 · References 2

GitHub Security Blog
added 2022/05/14 3:35 a.m. · 19 views

uWSGI Directory Traversal vulnerability

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

CVSS 7.5 · AI score 6.6 · EPSS 0.93194
Exploits 5 · References 7 · Affected Software 1

CNVD
added 2020/03/23 12:0 a.m. · 2 views

Simple Machines Forum Code Issue Vulnerability

Simple Machines Forum (SMF) is an open source web forum system by the SMF team in the United States. A code issue vulnerability exists in Simple Machines Forum (SMF) release prior to version 2.0.17. No details of the vulnerability are available at this time...

CVSS 9.8 · AI score 7.1 · EPSS 0.00656
Exploits 1 · References 1

CNVD
added 2018/02/27 12:0 a.m. · 3 views

uWSGI Directory Traversal Vulnerability

uWSGI is a software application designed to develop a complete stack for building managed services. A directory traversal vulnerability exists in uWSGI prior to 2.0.17. The vulnerability arises because uWSGI fails to properly handle DOCUMENTROOT checks during the use of the --php-docroot option,...

CVSS 7.5 · AI score 6.7 · EPSS 0.93194
Exploits 5 · References 1

Prion
added 2018/02/26 10:29 p.m. · 18 views

Directory traversal

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

CVSS 5 · AI score 7.5 · EPSS 0.93194
Exploits 5 · References 3 · Affected Software 2

NVD
added 2018/02/26 10:29 p.m. · 11 views

CVE-2018-7490

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

CVSS 7.5 · AI score 8 · EPSS 0.93194
Exploits 5 · References 3