EUVD-2026-31916

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

PT-2026-43349

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

CVE-2026-25726

CVE-2026-25726 (Cloudreve) : Prior to 4.13.0, Cloudreve uses the weak Go PRNG math/rand seeded with time.Now().UnixNano() to generate critical secrets (secret_key, hash_id_salt) stored in the DB. An attacker can fetch the administrator account creation time via public APIs, brute-force the PRNG s...

CVE-2025-67716

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...

PT-2025-50563

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...

CVE-2025-54866

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files x86\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in...

CVE-2025-54866 Wazuh installation fails to protected authd.pass on Windows

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files x86\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in...

Wazuh 安全漏洞

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions 4.3.0 through prior to 4.13.0, which stems from a missing ACL in...

CVE-2025-13206 GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name'

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

PT-2025-47446

Name of the Vulnerable Software and Affected Versions GiveWP – Donation Plugin and Fundraising Platform versions prior to 4.13.1 Description The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input...

PT-2025-47791

Name of the Vulnerable Software and Affected Versions Wazuh versions 4.9.0 through 4.12.9 Description Wazuh, a security detection, visibility, and compliance open source project, has an issue where the API – Agent Configuration, in specific setups, permits authenticated users with read-only API...

EUVD-2021-13987

Malware in sbrugna...

EUVD-2022-2800

Malicious code in bioql PyPI...

CVE-2022-40778

A stored Cross-Site Scripting XSS vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...

WordPress YITH WooCommerce Product Add-Ons plugin <= 4.13.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin YITH WooCommerce Product Add-Ons versions = 4.13.0...

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.13.0 is vulnerable to Cross Site Scripting (XSS)

Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.13.0 Fixed in 4.13.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47367 Patch priority Medium CVSS severity Medium 7.1 Developer YITH PSID 4f86ebd3a7b4 Credits Le Ngoc Anh Required...

CVE-2021-31352 SRC Series: NETCONF over SSH allows negotiation of weak ciphers

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit thi...

Spoofing

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVE-2021-32808 Cross-site scripting in ckeditor via abuse of undo functionality

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...