CVE-2026-26345 SPIP < 4.4.8 Cross-Site Scripting in Public Area
SPIP before 4.4.8 contains a stored cross-site scripting XSS vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...
CVE-2025-62605 / EUVD-2025-35213 Mastodon quotes control can be bypassed
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon...
EUVD-2023-27791
Malicious code in bioql PyPI...
CVE-2025-59842 JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener...
CVE-2025-59842
CVE-2025-59842 affects jupyterlab; prior to 4.4.8, links generated from LaTeX renderers in Markdown cells could lack noopener, enabling potential reverse-tabnabbing with target=_blank. The issue was patched in jupyterlab 4.4.8. Fedora and other advisories indicate the fixes are provided in jupyte...
PT-2025-39657
Name of the Vulnerable Software and Affected Versions jupyterlab versions prior to 4.4.8 Description jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Links generated with LaTeX typesetters in Markdown files and Markdow...
CVE-2025-9817 NULL Pointer Dereference in Wireshark
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service...
CVE-2025-54742
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection. This issue affects WpEvently: from n/a through <= 4.4.8...
WordPress Radio Player Shoutcast & Icecast <= 4.4.7 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Radio Player Shoutcast & Icecast versions <= 4.4.7...
CVE-2023-23705
Cross-Site Request Forgery CSRF vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions...
Incorrect Authorization
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient capability checks in the messaging web service. An attacker can view other users' names and online statuses by exploiting this flaw. Remediation Upgrade...
Improper Authentication
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to improper handling of user session states during the multi-factor authentication process. An attacker can access sensitive information about other users by exploiting t...
PT-2024-29023 · Joomla · Convert Forms
Name of the Vulnerable Software and Affected Versions: Convert Forms component for Joomla versions prior to 4.4.8 Description: The issue is related to an unrestricted file upload via a security bypass in the Convert Forms component for Joomla. This allows for potential malicious file uploads...
Joomla! Security Vulnerability
Joomla! is a free, open source content management system from Joomla! open source. A security vulnerability exists in Joomla! versions prior to 4.4.8. An attacker exploiting the vulnerability can upload files without restriction...
PT-2024-15089 · WordPress · The Rss Aggregator By Feedzy – Feed To Post
Name of the Vulnerable Software and Affected Versions: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress versions up to, and including, 4.4.7 Description: The plugin is vulnerable to Blind Server-Side Request Forgery via the fetc...
WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)
Software ChatBot Type Plugin Vulnerable versions <= 4.4.8 Fixed in 4.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1660 Patch priority High CVSS severity High 7.1 Developer PSID 427a28b8a8ff Credits Erwan LR Required privilege...
WordPress Email Subscribers & Newsletters SQL Injection Vulnerability (CNVD-2020-44907)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Email Subscribers & Newsletters is an email subscription and newsletter plugin used in it. A SQL injection vulnerability exists in...