563568 matches found

NVD
added 2026/06/06 2:16 a.m. | 8 views

CVE-2026-9008

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode function (the pagelist_ext / pagelistext shortcode) accepting attacker-controlled post_status, post_type, and show_meta_key attributes and...

CVSS 4.3 | EPSS 0.00035
Exploits 0 | References 6

EUVD
added 2026/06/06 1:26 a.m. | 11 views

EUVD-2026-34942

The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the get_rest_route function and missing output escaping in the column_default method of the...

CVSS 7.2 | AI score 5.8 | EPSS 0.00165
Exploits 0 | References 10

Vulnrichment
added 2026/06/06 1:26 a.m. | 6 views

CVE-2026-8438 All-In-One Security (AIOS) <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting via REST API Request Path

The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the get_rest_route function and missing output escaping in the column_default method of the...

CVSS 7.2 | AI score 5.8 | EPSS 0.00165
Exploits 0 | References 10

ATTACKERKB
added 2026/06/06 1:26 a.m. | 6 views

CVE-2026-8438

The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the get_rest_route function and missing output escaping in the column_default method of the...

CVSS 7.2 | AI score 5.8 | EPSS 0.00165
Exploits 0 | References 11

CVE
added 2026/06/06 1:26 a.m. | 17 views

CVE-2026-8438

The All-In-One Security (AIOS) WordPress plugin (versions up to and including 5.4.7) is affected by a Stored Cross-Site Scripting vulnerability. The root cause is insufficient input sanitization in get_rest_route() and missing output escaping in the debug log’s column_default() when the admin das...

CVSS 7.2 | AI score 5.8 | EPSS 0.00165
Exploits 0 | References 10

Cvelist
added 2026/06/06 1:26 a.m. | 38 views

CVE-2026-8438 All-In-One Security (AIOS) <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting via REST API Request Path

The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the get_rest_route function and missing output escaping in the column_default method of the...

CVSS 7.2 | EPSS 0.00165
Exploits 0 | References 10

ATTACKERKB
added 2026/06/06 1:26 a.m. | 4 views

CVE-2026-9281

The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...

CVSS 6.4 | AI score 5.7 | EPSS 0.00047
Exploits 0 | References 9

ATTACKERKB
added 2026/06/06 1:26 a.m. | 4 views

CVE-2026-9008

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode function (the pagelist_ext / pagelistext shortcode) accepting attacker-controlled post_status, post_type, and show_meta_key attributes and...

CVSS 4.3 | AI score 5.4 | EPSS 0.00035
Exploits 0 | References 7

Cvelist
added 2026/06/06 1:26 a.m. | 33 views

CVE-2026-9008 Page-list <= 6.2 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode Attributes

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode function (the pagelist_ext / pagelistext shortcode) accepting attacker-controlled post_status, post_type, and show_meta_key attributes and...

CVSS 4.3 | EPSS 0.00035
Exploits 0 | References 6

EUVD
added 2026/06/06 1:26 a.m. | 8 views

EUVD-2026-34939

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode function (the pagelist_ext / pagelistext shortcode) accepting attacker-controlled post_status, post_type, and show_meta_key attributes and...

CVSS 4.3 | AI score 5.4 | EPSS 0.00035
Exploits 0 | References 6

Vulnrichment
added 2026/06/06 1:26 a.m. | 7 views

CVE-2026-9008 Page-list <= 6.2 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode Attributes

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode function (the pagelist_ext / pagelistext shortcode) accepting attacker-controlled post_status, post_type, and show_meta_key attributes and...

CVSS 4.3 | AI score 5.4 | EPSS 0.00035
Exploits 0 | References 6

CVE
added 2026/06/06 1:26 a.m. | 12 views

CVE-2026-9008

CVE-2026-9008 affects the Page-list WordPress plugin (versions up to 6.2). The pagelist_unqprfx_ext_shortcode() function for the [pagelist_ext]/[pagelistext] shortcodes accepts attacker-controlled post_status, post_type, and show_meta_key attributes and passes them into get_pages() and get_post_m...

CVSS 4.3 | AI score 5.4 | EPSS 0.00035
Exploits 0 | References 6

RedhatCVE
added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-37737

sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

CVSS 6.5 | AI score 5.5 | EPSS 0.00017
Exploits 0 | References 1

RedhatCVE
added 2026/06/06 12:44 a.m. | 17 views

CVE-2026-11302

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504196549...

CVSS 4.3 | AI score 5.4 | EPSS 0.00025
Exploits 0 | References 4

RedhatCVE
added 2026/06/06 12:44 a.m. | 11 views

CVE-2026-11277

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501839664...

CVSS 4.3 | AI score 5.4 | EPSS 0.00025
Exploits 0 | References 4

RedhatCVE
added 2026/06/06 12:44 a.m. | 12 views

CVE-2026-50590

In Mimecast Incydr before 2.6.0, arbitrary file access can occur...

CVSS 4.5 | AI score 5.5 | EPSS 0.00015
Exploits 0 | References 1

RedhatCVE
added 2026/06/06 12:43 a.m. | 8 views

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

CVSS 6 | AI score 5.2 | EPSS 0.00054
Exploits 0 | References 1

RedhatCVE
added 2026/06/06 12:43 a.m. | 6 views

CVE-2026-10872

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

CVSS 8.6 | AI score 6.8 | EPSS 0.00182
Exploits 0 | References 1

RedhatCVE
added 2026/06/06 12:43 a.m. | 6 views

CVE-2026-10586

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

CVSS 7.2 | AI score 5.6 | EPSS 0.00035
Exploits 0 | References 1

RedhatCVE
added 2026/06/06 12:43 a.m. | 6 views

CVE-2026-45497

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network...

CVSS 8.8 | AI score 5.7 | EPSS 0.00078
Exploits 0 | References 1