CVE-2026-3347 Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...

CVE-2025-12772 Plaintext Switch admin login password is seen in Brocade SANnav support save

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

WordPress AWStats Script plugin <= 0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin AWStats Script versions = 0.3...

WordPress Dropshix plugin <= 4.0.14 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Vinit Lakra Patchstack Alliance in WordPress Plugin Dropshix versions = 4.0.14...

CVE-2025-4661

CVE-2025-4661 is a path traversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 that could let a local admin access files outside the intended directory, potentially leading to sensitive information disclosure. Exploitation requires admin privileges on the switch. Connected sources confi...

CVE-2025-4661 Path transversal vulnerability potentially leading to sensitive information disclosure

A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit...

CVE-2025-27566

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote...

CVE-2024-10517

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...