29 matches found
CVE-2026-39840
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements. This issue affects Mediawiki - Cargo Extension: before 3.8.7...
Fedora 44 : libarchive (2026-54ce3fd147)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-54ce3fd147 advisory. Rebase to the latest upstream version - 3.8.7 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Slackware Linux 15.0 / current libarchive Vulnerability (SSA:2026-103-01)
The version of libarchive installed on the remote host is prior to 3.8.7. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-103-01 advisory. New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
CVE-2026-39837 Stored XSS through the dynamic table format in Cargo
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39841
The CVE-2026-39841 vulnerability is a Stored XSS in the MediaWiki Cargo Extension (pre-3.8.7) due to improper neutralization of Script-Related HTML tags in list fields on Cargo pages and Special:CargoTables. This affects how Cargo handles page values, allowing injected scripts to be stored and po...
MediaWiki - Cargo Extension Security Vulnerability
MediaWiki – Cargo Extension is an open-source plugin for querying and storing data in MediaWiki. Versions of MediaWiki – Cargo Extension prior to 3.8.7 contained security vulnerabilities. These vulnerabilities were due to improper handling of script-related HTML tags, which could lead to stored-x...
CVE-2025-60182 WordPress Support Board plugin < 3.8.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Schiocco Support Board supportboard allows Reflected XSS. This issue affects Support Board: from n/a through 3.8.7...
EUVD-2025-28326
Malicious code in bioql PyPI...
vBulletin Security Vulnerability
vBulletin is an open source web forum program based on PHP and MySQL from vBulletin, Inc. in the United States. A security vulnerability exists in vBulletin version 3.8.7, which stems from improper handling of the misc.php?do=buddylist endpoint, which could lead to a denial of service attack...
WordPress plugin Noptin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress Noptin plugin <= 3.8.7 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by kmaron1n in WordPress Plugin Noptin versions <= 3.8.7...
CVE-2025-24596
Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.8.7...
PT-2025-5432 · WordPress · Woocommerce Product Table Lite
Name of the Vulnerable Software and Affected Versions: WooCommerce Product Table Lite versions 3.8.7 and earlier Description: The issue is related to a lack of authorization in WooCommerce Product Table Lite, allowing the exploitation of incorrectly configured access control security levels...
PT-2024-28564 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.8.7 Description: A Cross-Site Request Forgery CSRF issue affects the Ninja Forms plugin, allowing unauthorized actions to be performed on behalf of a user. This issue can be exploited by an attacker to perform...
PT-2024-36407 · WordPress · Wp Quicklatex
Name of the Vulnerable Software and Affected Versions: WP QuickLaTeX WordPress plugin versions prior to 3.8.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed,...
Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.7, 3.9.x < 3.9.1 DoS Vulnerability (bpo-42103) - Windows
Python is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.7, 3.9.x < 3.9.1 Race Condition Vulnerability (bpo-40791) - Windows
Python is prone to a race condition vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...
CVE-2021-32855
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting XSS. For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue...
CVE-2021-32855 vditor vulnerable to Cross-site Scripting
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting XSS. For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue...
WordPress plugin MashShare Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...