30 matches found
Astra Linux - vulnerability in wireshark
In Wireshark versions 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13, the VMS TCPIP trace file parser crashes. This issue allows for denial of service through malicious capture files...
Astra Linux - vulnerability in wireshark
The NetScaler file parser crashes in Wireshark versions 4.0.0 to 4.0.5, and 3.6.0 to 3.6.13. This issue allows for denial of service through crafted capture files...
CVE-2026-7308
An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...
CVE-2026-7308 Nexus Repository 3 - Stored Cross-Site Scripting (XSS) via HTML Browse Page
An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...
CVE-2026-7308
CVE-2026-7308 (Nexus Repository): An authenticated user with upload permissions can store content that triggers arbitrary JavaScript in the browser of any user visiting the repository HTML index page, via Nexus Repository versions 3.6.0–3.91.x (3.92.0 fixes this). The attack is a stored XSS on t...
Sonatype Nexus Repository cross-site scripting vulnerability
Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software, etc. Versions of Sonatype Nexus Repository from 3.6.0 to 3.92.0 contained a cross-site scripting vulnerability. This...
sigstore (>=3.6.0 <=3.6.1) potentially affected by CVE-2026-33753 via rfc3161-client (>=0.0.4 <=0.1.2)
rfc3161-client PYPI version =0.0.4, =3.6.0, =3.6.1 Source cves: CVE-2026-33753 Source advisory: OSV:GHSA-3XXC-PWJ6-JGRJ...
SiYuan cross-site scripting vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan from 3.6.0 to 3.6.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the SanitizeSVG function being bypassed, allowing cross-site scripting attacks to occur...
CVE-2026-32940 SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. Th...
CVE-2026-32938
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET...
WordPress Post SMTP plugin <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability
Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability discovered by netranger in WordPress Plugin Post SMTP versions <= 3.6.0...
Exploit for CVE-2025-11833
Unauthorized Data Access in Post SMTP Plugin for WordPress CV...
EUVD-2023-3253
Malicious code in bioql PyPI...
WordPress plugin Perfect Brands for WooCommerce SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injection...
Linux Distros Unpatched Vulnerability : CVE-2022-3724
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows CVE-2022-37...
CVE-2024-3598
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Growatt Cloud Applications cross-site scripting vulnerability
Growatt Cloud Applications is a monitoring platform from China-based Growatt. A cross-site scripting vulnerability exists in Growatt Cloud Applications 3.6.0 and prior versions, which stems from insufficient server-side input validation and could lead to the injection of malicious JavaScript code...
Growatt Cloud Applications security vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which originates from an unauthenticated attacker being able to check the existence of a username in the system via an API...
Growatt Cloud Applications security vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which originates from an unauthenticated attacker being able to obtain the serial number of a smart meter...
PT-2025-8687 · WordPress · Sina Extension For Elementor
Name of the Vulnerable Software and Affected Versions: The Sina Extension for Elementor plugin for WordPress versions up to, and including, 3.6.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Fancy Text, Countdow...