
16 matches found

Vulnrichment
added 6 days ago · 8 views

CVE-2026-6226 Frontend Admin by DynamiApps <= 3.29.2 - Unauthenticated Privilege Escalation via Form Configuration Injection

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the...

CVSS 8.8 · AI score 5.9 · EPSS 0.00125
Exploits 0 · References 10
CVE
added 6 days ago · 8 views

CVE-2026-6226

The CVE-2026-6226 issue affects the WordPress plugin Frontend Admin by DynamiApps (versions ≤ 3.29.2). The affected component is the form submission handling logic, where attacker-controlled form definitions can bypass backend validation when $_POST['_acf_form'] is an array. The validate_form() path ...

CVSS 8.8 · AI score 5.9 · EPSS 0.00125
Exploits 0 · References 10
OSV
added 2024/02/08 11:15 p.m. · 0 views

CVE-2023-47131

The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1
NVD
added 2023/09/07 8:15 p.m. · 22 views

CVE-2023-41316

Tolgee is an open-source localization platform. Due to a lack of validation on the Org Name field, a bad actor can send emails with injected HTML code to victims. Registered users can inject HTML into unsanitized emails sent from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

CVSS 5.5 · AI score 5.6 · EPSS 0.00217
Exploits 1 · References 2
Prion
added 2023/09/07 8:15 p.m. · 15 views

Design/Logic Flaw

Tolgee is an open-source localization platform. Due to a lack of validation on the Org Name field, a bad actor can send emails with injected HTML code to victims. Registered users can inject HTML into unsanitized emails sent from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

CVSS 4.9 · AI score 5.7 · EPSS 0.00217
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2023/09/07 7:39 p.m. · 13 views

CVE-2023-41316 HTML Injection with email in Tolgee

Tolgee is an open-source localization platform. Due to a lack of validation on the Org Name field, a bad actor can send emails with injected HTML code to victims. Registered users can inject HTML into unsanitized emails sent from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

CVSS 5.5 · AI score 5.8 · EPSS 0.00217
Exploits 1 · References 2
Vulnrichment
added 2023/09/07 7:39 p.m. · 7 views

CVE-2023-41316 HTML Injection with email in Tolgee

Tolgee is an open-source localization platform. Due to a lack of validation on the Org Name field, a bad actor can send emails with injected HTML code to victims. Registered users can inject HTML into unsanitized emails sent from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

CVSS 5.5 · AI score 7 · EPSS 0.00217
Exploits 1 · References 2
Positive Technologies
added 2023/09/07 12:00 a.m. · 2 views

PT-2023-27901 · Tolgee · Tolgee

Name of the Vulnerable Software and Affected Versions: Tolgee versions prior to 3.29.2. Description: Tolgee is an open-source localization platform. Due to a lack of validation in the Org Name field, a bad actor can send emails with HTML injected code to victims. Registered users can inject HTML...

CVSS 5.5 · AI score 5.6 · EPSS 0.00217
Exploits 1 · References 8
CNNVD
added 2023/06/21 12:00 a.m. · 1 views

WordPress plugin Leyka cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.1 · AI score 6.8 · EPSS 0.00105
Exploits 0 · References 2
Patchstack
added 2023/03/03 12:00 a.m. · 11 views

WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Leyka · Type: Plugin · Vulnerable versions: = 3.29.2 · Fixed in: 3.30 · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-27442 · Patch priority: Low · CVSS severity: Low 5.4 · Developer: Claim ownership · PSID: dc5061a06f06 · Credits: yuyudhn · Required privilege...

CVSS 8.8 · AI score 6.7 · EPSS 0.00123
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2022/04/22 8:49 p.m. · 393 views

NextAuth.js default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. We recommend upgrading to v4 in most cases. See our migration guide. next-auth v4 users before version 4.3.2 are impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a...

CVSS 6.1 · AI score 3.3 · EPSS 0.00318
Exploits 0 · References 7 · Affected Software 1
Prion
added 2022/04/19 11:15 p.m. · 8 views

Design/Logic Flaw

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

CVSS 5.8 · AI score 6.2 · EPSS 0.00318
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2022/04/19 10:25 p.m. · 13 views

CVE-2022-24858 Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

CVSS 6.1 · AI score 6.4 · EPSS 0.00318
Exploits 0 · References 3
OSV
added 2022/04/19 10:25 p.m. · 18 views

CVE-2022-24858 Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

CVSS 6.1 · AI score 6.2 · EPSS 0.00318
Exploits 0 · References 5
CNNVD
added 2022/04/19 12:00 a.m. · 2 views

next-auth input validation error vulnerability

next-auth is a complete open source authentication solution for Next.js applications. A security vulnerability exists in next-auth before 3.29.2. There is no further information about the vulnerability at this time; please keep checking CNNVD or vendor announcements...

CVSS 6.1 · AI score 6.2 · EPSS 0.00318
Exploits 0 · References 4
CNVD
added 2018/06/20 12:00 a.m. · 1 views

GNOME Evolution Evolution-Data-Server Buffer Overflow Vulnerability

GNOME Evolution is a set of mail client programs from the GNOME project for the GNOME desktop environment on Linux. The program provides email, calendar, meeting scheduling, contact management, etc. Evolution-Data-Server is one of its data server components. A buffer overflow vulnerability exists...

CVSS 9.8 · AI score 9.6 · EPSS 0.0051
Exploits 0 · References 1