27 matches found
PT-2026-38831
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
JLSEC-2026-461 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in...
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...
Joomla Solidres cross-site scripting vulnerability
Joomla Solidres is an open-source extension for hotel booking and room status management by Solidres. Version 2.13.3 of Joomla Solidres contains a cross-site scripting vulnerability. This vulnerability arises from improper handling of multiple GET parameters, which may lead to reflected cross-si...
n8n code injection vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 contained a code injection vulnerability. This vulnerability stemmed from insufficient SQL pattern restrictions in the Merge node, which could lead to remote code...
PT-2026-28080
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.26; n8n versions prior to 2.13.3; n8n versions prior to 2.14.1. Description: n8n is a workflow automation platform susceptible to a SQL injection issue in the Data Table Get node. An authenticated user with appropriate...
n8n cross-site scripting vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.27, 2.13.3, and 2.14.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the absence of binary data endpoint response headers, which could lead to cross-site...
n8n SQL injection vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 have a SQL injection vulnerability. This vulnerability stems from the Data Table Get node, which may lead to data modification or deletion...
n8n injection vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.27, 2.13.3, and 2.14.1 contained injection vulnerabilities. These vulnerabilities stemmed from defects in the LDAP node filter escaping logic, which could allow attackers to manipulate filter...
EUVD-2026-9195
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...
websitebaker cross-site scripting vulnerability
websitebaker is a PHP-based content management system developed by WebsiteBaker. Its features include a template-based front-end interface, paging support, multi-user management, and more. A cross-site scripting vulnerability exists in websitebaker version 2.13.3, which stems from a stored...
CVE-2023-53903 WebsiteBaker 2.13.3 Stored Cross-Site Scripting via SVG File Upload
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...
CVE-2023-53903
Summary: CVE-2023-53903 affects WebsiteBaker 2.13.3 with a stored cross-site scripting (XSS) vulnerability. Authenticated users can upload SVG files containing embedded JavaScript; the script executes when the file is viewed, enabling persistent XSS. Affected component: WebsiteBaker 2.13.3, vulne...
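The WebsiteBaker entries above are the generic stored-XSS-through-SVG problem: SVG is XML, and a browser rendering it from the site's own origin will run script elements, event-handler attributes and javascript: links inside it. The Python below is an added example, not WebsiteBaker's code: an upload-time check that parses the SVG and rejects script-capable elements, on* attributes and dangerous URL schemes (including scheme names padded with whitespace, which browsers tolerate). The sample SVGs are constructed for the example.

```python
import xml.etree.ElementTree as ET
from typing import Optional

# Elements that can carry or load script; lowercase because _local() lowercases.
SCRIPT_CAPABLE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# Attributes whose value is a URL, or can become one through SMIL animation (<set>/<animate>).
URL_ATTRIBUTES = {"href", "to", "from", "values"}
DANGEROUS_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


def _local(qname: str) -> str:
    """'{http://www.w3.org/2000/svg}script' -> 'script'; 'onLoad' -> 'onload'."""
    return qname.rsplit("}", 1)[-1].lower()


def _normalise_url(value: str) -> str:
    # Browsers ignore embedded whitespace in schemes ("java\tscript:"), so strip it before matching.
    return "".join(value.split()).lower()


def svg_rejection_reason(data: bytes) -> Optional[str]:
    """Return None if the upload passes, otherwise a short reason for rejecting it."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return f"not well-formed XML: {exc}"
    if not isinstance(root.tag, str) or _local(root.tag) != "svg":
        return "root element is not <svg>"
    for el in root.iter():
        if not isinstance(el.tag, str):  # comments / processing instructions
            continue
        tag = _local(el.tag)
        if tag in SCRIPT_CAPABLE_ELEMENTS:
            return f"forbidden element <{tag}>"
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                return f"event handler attribute {name} on <{tag}>"
            if name in URL_ATTRIBUTES and _normalise_url(value).startswith(DANGEROUS_SCHEMES):
                return f"dangerous URL in {name} on <{tag}>"
    return None


# Constructed test uploads.
BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
          b'<circle cx="5" cy="5" r="4" fill="teal"/></svg>')
SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.domain)</script></svg>'
HANDLER = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><rect width="1" height="1"/></svg>'
XLINK = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
         b'<a xlink:href="java&#x09;script:alert(1)"><text y="10">x</text></a></svg>')

if __name__ == "__main__":
    for label, svg in (("benign", BENIGN), ("script", SCRIPT), ("handler", HANDLER), ("xlink", XLINK)):
        print(f"{label:8} -> {svg_rejection_reason(svg) or 'accepted'}")
```

A content denylist like this is a second line of defence only. The reliable mitigation is to keep user-supplied SVG off the application's origin: serve it with Content-Disposition: attachment, host uploads on a separate static-files origin, or rasterise SVG on upload.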
websitebaker security vulnerability
websitebaker is a PHP-based content management system for individual developers. Its features include a template-based front-end interface, paging support, multi-user management, etc. WebsiteBaker 2.13.3 contains a directory traversal vulnerability. A securi...
EUVD-2025-203368
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addimagestogallerycallback function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, wit...
CVE-2025-14003 Image Gallery – Photo Grid & Video Gallery <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addimagestogallerycallback function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, wit...
WordPress plugin Image Gallery – Photo Grid & Video Gallery security vulnerability
WordPress is a PHP-based blogging platform from the WordPress Foundation that can host personal blog sites on PHP and MySQL based servers; WordPress plugins are add-on applications for it. A security vulnerability exists in...
CVE-2025-13891 Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modulalistfolders AJAX endpoint that lacks proper path validation and base directory restrictions. While the endpoint verifies user...
PT-2025-50899
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modula list folders AJAX endpoint that lacks proper path validation and base directory restrictions. While the endpoint verifies use...
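The two Modula entries above describe an AJAX endpoint that verifies the user but not the path. The Python below is an added example, not the plugin's code (which is PHP): a directory-listing helper that resolves the requested folder with realpath(), so both `..` segments and symlinks are collapsed before checking that the result still lies under the upload base. The directory tree is constructed in a temporary folder for the example; the symlink inside it stands for an attacker-planted link pointing outside the base.

```python
import os
import tempfile
from typing import List


class PathEscapeError(ValueError):
    """Requested path does not stay inside the allowed base directory."""


def resolve_within(base_dir: str, requested: str) -> str:
    """Map a caller-supplied relative folder onto base_dir, or raise if it escapes.

    realpath() collapses '..' segments and follows symlinks, so the containment
    check is made on where the path really ends up, not on the string sent.
    """
    if os.path.isabs(requested):
        raise PathEscapeError(f"absolute path not allowed: {requested!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise PathEscapeError(f"{requested!r} resolves to {candidate}, outside {base}")
    return candidate


def list_folders(base_dir: str, requested: str) -> List[str]:
    """Subdirectory names under base_dir/requested; entries that resolve outside are skipped."""
    target = resolve_within(base_dir, requested)
    names = []
    for name in sorted(os.listdir(target)):
        if not os.path.isdir(os.path.join(target, name)):
            continue
        try:
            resolve_within(base_dir, os.path.join(requested, name))  # catches symlink escapes
        except PathEscapeError:
            continue
        names.append(name)
    return names


def is_escape(base_dir: str, requested: str) -> bool:
    try:
        resolve_within(base_dir, requested)
        return False
    except PathEscapeError:
        return True


def make_fixture() -> str:
    """Constructed directory tree for the demo (not a real WordPress install)."""
    root = tempfile.mkdtemp(prefix="uploads-demo-")
    uploads = os.path.join(root, "uploads")
    os.makedirs(os.path.join(uploads, "gallery", "2024"))
    os.makedirs(os.path.join(uploads, "gallery", "2025"))
    secret = os.path.join(root, "secret")  # sibling directory that must stay unreachable
    os.makedirs(secret)
    try:
        os.symlink(secret, os.path.join(uploads, "leak"))  # attacker-planted symlink
    except (OSError, NotImplementedError):
        pass  # filesystem without symlink support; the rest of the demo still runs
    return uploads


def symlink_fixture_present(uploads: str) -> bool:
    return os.path.islink(os.path.join(uploads, "leak"))


if __name__ == "__main__":
    base = make_fixture()
    for req in ("", "gallery", "../secret", "gallery/../../secret", "/etc", "leak"):
        try:
            print(f"{req!r:24} -> {list_folders(base, req)}")
        except (PathEscapeError, OSError) as exc:
            print(f"{req!r:24} -> rejected: {exc}")
```

The commonpath comparison is deliberately done on two already-canonicalised absolute paths; a plain string prefix test (`candidate.startswith(base)`) would accept a sibling such as `uploads-evil` when the base is `uploads`.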
GHSA-2QFP-Q593-8484 Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
Scrapy versions up to 2.13.3 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
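The Scrapy entry describes a decompression-bomb guard that does not cover one codec. The Python below is an added example, not Scrapy's code: it shows the bounded, chunked decompression loop such a guard needs, using zlib from the standard library because the brotli module is a third-party dependency; the loop shape is the same for any streaming decompressor that can be fed in bounded output chunks. The response bodies are constructed for the example.

```python
import zlib


class DecompressionBombError(ValueError):
    """Decompressed output would exceed the configured limit."""


def decompress_with_cap(data: bytes, max_size: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate `data`, aborting as soon as the output would exceed max_size bytes.

    The limit is enforced *while* decoding, in bounded chunks. Checking
    len(zlib.decompress(data)) afterwards would already have allocated the
    whole bomb, which is the failure a size cap is supposed to prevent.
    """
    decoder = zlib.decompressobj()
    out = bytearray()
    pending = data
    while True:
        piece = decoder.decompress(pending, chunk)  # at most `chunk` bytes per call
        out += piece
        if len(out) > max_size:
            consumed = len(data) - len(decoder.unconsumed_tail)
            raise DecompressionBombError(
                f"output exceeded {max_size} bytes after {consumed} compressed bytes")
        pending = decoder.unconsumed_tail  # input the decoder could not yet process
        if decoder.eof or (not pending and not piece):
            break
    out += decoder.flush()
    if len(out) > max_size:
        raise DecompressionBombError(f"output exceeded {max_size} bytes")
    return bytes(out)


def classify(data: bytes, max_size: int) -> str:
    """'ok' if the body inflates within the cap, 'bomb' if the cap tripped."""
    try:
        decompress_with_cap(data, max_size)
        return "ok"
    except DecompressionBombError:
        return "bomb"


# Constructed inputs. PLAIN stands in for an ordinary response body; BOMB is
# 4 MiB of zeros, which deflate shrinks to a few KiB.
PLAIN = b"an ordinary, honestly sized response body"
SMALL = zlib.compress(PLAIN)
BOMB = zlib.compress(b"\x00" * (4 * 1024 * 1024), 9)
CAP = 1024 * 1024  # 1 MiB of decompressed output is all this client will accept

if __name__ == "__main__":
    print(f"SMALL: {len(SMALL)} compressed bytes -> {classify(SMALL, CAP)}")
    print(f"BOMB:  {len(BOMB)} compressed bytes -> {classify(BOMB, CAP)}")
```

The point the advisory makes is that a cap like this must be applied to every content-encoding the client accepts; a limit enforced on the compressed transfer size, or on one codec only, leaves the others as a way around it.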