PT-2026-32669

Name of the Vulnerable Software and Affected Versions Fortinet FortiAnalyzer Cloud versions 7.6.2 through 7.6.4 FortiManager Cloud versions 7.6.2 through 7.6.4 Description A heap-based buffer overflow allows a remote unauthenticated attacker to execute arbitrary code or commands by sending...

EUVD-2026-9733

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through = 7.6.2...

CVE-2026-28075 WordPress Porto theme <= 7.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through = 7.6.2...

PT-2026-23353

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through = 7.6.2...

WordPress GamiPress plugin <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Information Exposure vulnerability discovered by kr0d in WordPress Plugin GamiPress versions = 7.6.1...

EUVD-2017-8036

Malware in sbrugna...

EUVD-2025-10300

Malicious code in bioql PyPI...

EUVD-2024-1992

Malicious code in bioql PyPI...

CVE-2025-24649 WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 7.6.2...

FortiWeb vulnerable to SQL injection

Overview FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability CWE-89, CVE-2024-55593. Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

WordPress Themify Builder plugin <= 7.6.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Themify Builder versions = 7.6.2...

WordPress Themify Builder Plugin <= 7.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Themify Builder Type Plugin Vulnerable versions = 7.6.2 Fixed in 7.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9385 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ab445f01cba Credits Colin Xu Required...

CVE-2024-9385

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

WordPress plugin Themify Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-25673

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection...

CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execu...

CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execu...

CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execu...

CVE-2023-35946 Dependency cache path traversal in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...

CVE-2021-20444

IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620...