EUVD-2026-32920

TinyMCE Cross-Site Scripting XSS vulnerability using sanitization bypass through nested SVGs...

CVE-2026-33384

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

PT-2026-45169

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

CVE-2026-33384

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

EUVD-2026-33339

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

CVE-2026-33386

CVE-2026-33386 affects QuickCMS. An attacker can exploit an insecure HTTP-based plugin-fetching mechanism to perform a Cross-Site Scripting (XSS) via a MITM that impersonates the opensolution.org server and serves arbitrary HTML/JavaScript at the plugin list endpoint. When a user visits the plugi...

CVE-2026-33384

CVE-2026-33384 affects QuickCMS. The issue allows a user’s session identifier to be set before authentication and persist after login, enabling session hijacking of a victim. A patch in QuickCMS version 6.8 (published 15 May 2026) fixes the vulnerability; deployments not yet updated remain vulner...

UBUNTU-CVE-2026-47760

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8 version contained a security vulnerability; this vulnerability stemmed from potential null pointer dereferencing during the processing of AppArmor notifications, which cou...

WordPress plugin Auto Affiliate Links 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2026-39714

Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through = 6.8...

CVE-2026-39416

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting XSS vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

CVE-2026-39416

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting XSS vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

EUVD-2026-20605

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting XSS vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

CVE-2026-39416

Affected software: AIL Framework (pre-6.8). Vulnerable component: modal item preview. Root cause: stored XSS when item content >800 characters is returned without a proper text/plain content type, enabling injected HTML/JS in the context of an authenticated user. Impact: arbitrary script execu...

CVE-2026-39714

CVE-2026-39714 describes a Missing Authorization (broken access control) vulnerability in G5Theme G5Plus April for WordPress, affecting versions up to 6.8. The root cause is misconfigured access control enabling unauthorized access (no privileges, no user interaction required) over network. The C...

CVE-2026-25373

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ProgressionStudios Vayvo vayvo-progression allows Reflected XSS.This issue affects Vayvo: from n/a through 6.8...

EUVD-2026-15693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ProgressionStudios Vayvo vayvo-progression allows Reflected XSS.This issue affects Vayvo: from n/a through 6.8...