CVE-2026-33209
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting (XSS) vulnerability exists in the `return_to` query parameter used in the Avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is execute...
CVE-2026-33209
Avo interface has a reflected XSS vulnerability in the return_to query parameter. An attacker can craft a URL that injects JavaScript, executed when the user interacts with a generated navigation button. Impact varies by deployment: unauthenticated setups allow exploitation via crafted links; aut...
CVE-2026-33209 Avo has an XSS vulnerability on `return_to` param
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting (XSS) vulnerability exists in the `return_to` query parameter used in the Avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is execute...
Avo cross-site scripting vulnerability
Avo is an open-source Ruby on Rails admin panel framework developed by Avo. Versions of Avo prior to 3.30.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the `return_to` query parameter in the Avo interface, which allowed reflected cross-site scripting...
AZL-66557 CVE-2025-9301 affecting package cmake for versions less than 3.30.3-9
A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes a reachable assertion. The attack needs to be launched locally. The exploit has been publicly disclosed and may b...
WordPress Elementor plugin <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import vulnerability
Authenticated (Administrator+) Arbitrary File Read via Image Import vulnerability discovered by mikemyers in WordPress Plugin Elementor Website Builder versions <= 3.30.2...
CVE-2024-2398 affecting package cmake for versions less than 3.30.3-2
CVE-2024-2398 affecting package cmake for versions less than 3.30.3-2. An upgraded version of the package is available that resolves this issue...
CVE-2024-2004 affecting package cmake for versions less than 3.30.3-2
CVE-2024-2004 affecting package cmake for versions less than 3.30.3-2. An upgraded version of the package is available that resolves this issue...
CVE-2024-6874 affecting package cmake for versions less than 3.30.3-2
CVE-2024-6874 affecting package cmake for versions less than 3.30.3-2. A patched version of the package is available...
AZL-49041 CVE-2024-8096 affecting package cmake for versions less than 3.30.3-2
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...
WordPress plugin Leyka cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugins are application plugins. A cross-site scripting...
CVE-2023-4917
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...
gnome-shell: partial lock screen bypass
A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in...