14 matches found
CVE-2026-35055
XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...
CVE-2026-25447
Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection. This issue affects Widget Wrangler: from n/a through <= 2.3.9...
WordPress plugin Widget Wrangler security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-0944
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing. This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4...
PT-2026-1134
Name of the Vulnerable Software and Affected Versions: Nuvation Battery Management System versions through 2.3.9. Description: A flaw exists in the Nuvation Battery Management System that permits authentication bypass. This allows unauthorized access to critical battery management functions via the...
Nuvation Energy Battery Management System security vulnerability
Nuvation Energy Battery Management System is a battery management system from Nuvation Energy, Inc. A security vulnerability exists in Nuvation Energy Battery Management System version 2.3.9 and prior versions that originates from allowing authentication bypass...
CVE-2025-62992
Cross-Site Request Forgery (CSRF) vulnerability in Everest themes Everest Backup allows Path Traversal. This issue affects Everest Backup: from n/a through 2.3.9...
PT-2025-54303
Name of the Vulnerable Software and Affected Versions: Everest Backup versions through 2.3.9. Description: A Cross-Site Request Forgery (CSRF) issue exists in Everest Backup, potentially allowing Path Traversal. Recommendations: Versions prior to 2.3.9 are affected. At the moment, there is no informati...
WordPress WP Job Portal plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Long Nguyen in WordPress Plugin WP Job Portal versions <= 2.4.4...
CVE-2025-60161
Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks zoloblocks allows Server Side Request Forgery. This issue affects ZoloBlocks: from n/a through <= 2.3.11...
OneBlog code issue vulnerability
OneBlog is a beautiful and powerful Java blog by individual developer yadong.zhang. A security vulnerability exists in OneBlog 2.3.9 and earlier versions, which stems from an incorrect operation of the autoLink function that can lead to server-side request forgery...
CVE-2025-1691
The MongoDB Shell may be susceptible to control character injection, where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
WordPress plugin WC Affiliate security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...