
15 matches found

NVD
added 2026/06/03 8:16 p.m., 9 views

CVE-2026-43924

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

CVSS: 4.8, EPSS: 0.00259
Exploits: 0, References: 2

NVD
added 2026/05/12 10:16 a.m., 38 views

CVE-2026-6813

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS: 4.4, EPSS: 0.00195
Exploits: 0, References: 5

Positive Technologies
added 2026/05/02 12:0 a.m., 8 views

PT-2026-36578

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 4.4, AI score: 6, EPSS: 0.00252
Exploits: 0, References: 7

The Hacker News
added 2026/02/25 7:4 a.m., 8 views

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access...

CVSS: 10, AI score: 6.9, EPSS: 0.99614
Exploits: 10

Snyk
added 2025/12/11 10:7 p.m., 2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: fof/pretty-mail is a Create HTML email for Flarum. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the email template processing. An authenticated attacker with admin privileges can execute arbitrary system...

CVSS: 8.6, AI score: 7, EPSS: 0.0053
Exploits: 0, References: 2

RedhatCVE
added 2025/08/22 1:22 p.m., 9 views

CVE-2025-54172

QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. Regular admin user is not able to inject any JS scripts into th...

CVSS: 4.8, AI score: 5.2, EPSS: 0.0018
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 7:5 a.m., 9 views

CVE-2024-11616

Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both...

CVSS: 5.6, AI score: 7.2, EPSS: 0.00292
Exploits: 0, References: 1

CVE
added 2024/12/19 9:46 a.m., 51 views

CVE-2024-11616

CVE-2024-11616 affects Netskope Endpoint DLP’s Content Control Driver prior to R119. The issue is a double-fetch heap overflow in EpdlpSetUsbAction where NumberOfBytes (ExAllocatePoolWithTag) and Length (RtlCopyMemory) each dereference user input; if the length increases between calls, RtlCopyMem...

CVSS: 5.6, AI score: 6.8, EPSS: 0.00292
Exploits: 0, References: 2

CNNVD
added 2024/07/30 12:0 a.m., 4 views

ELECOM WRC-X6000XS-G, WRC-X1500GS-B and WRC-X1500GSA-B Security Vulnerability

ELECOM WRC-X6000XS-G and others are wireless routers from ELECOM Japan. A security vulnerability exists in the ELECOM WRC-X6000XS-G, WRC-X1500GS-B, WRC-X1500GSA-B v1.11 and earlier versions, which originates from viewing a malicious page while logged in to an affected product with administrative...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00198
Exploits: 0, References: 4

Positive Technologies
added 2024/07/26 12:0 a.m., 10 views

PT-2024-31161

Name of the Vulnerable Software and Affected Versions: Software versions prior to 24.07.12; Software versions 23.01.20 LTS through 23.01.19 LTS; Software versions 23.10.24v13 LTS and earlier; Software versions 24.04.24v5 LTS and earlier. Description: The issue arises in the System → Maintenance tool,...

CVSS: 9.9, AI score: 5.9, EPSS: 0.00477
Exploits: 0, References: 6

Positive Technologies
added 2023/06/12 12:0 a.m., 2 views

PT-2023-19232 · Rolands Umbrovskis · Wp For Serp/Seo Rich Snippets

Name of the Vulnerable Software and Affected Versions: Rolands Umbrovskis itemprop WP for SERP/SEO Rich snippets plugin versions = 3.5.201706131. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendation...

CVSS: 5.9, AI score: 5.4, EPSS: 0.00369
Exploits: 0, References: 3

Positive Technologies
added 2023/04/07 12:0 a.m., 4 views

PT-2023-20269 · Unknown · Gqevu6Bsiz Announce From The Dashboard

Name of the Vulnerable Software and Affected Versions: gqevu6bsiz Announce from the Dashboard plugin versions = 1.5.1. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts into the website, which can...

CVSS: 5.9, AI score: 5.5, EPSS: 0.00369
Exploits: 0, References: 4

Positive Technologies
added 2022/09/09 12:0 a.m., 3 views

PT-2022-23982 · Galerio & Urda · Better Delete Revision

Name of the Vulnerable Software and Affected Versions: Galerio & Urda's Better Delete Revision plugin version 1.6.1 and earlier. Description: The issue is related to an Authenticated Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker could potentially inject malicious...

CVSS: 4.8, AI score: 4.9, EPSS: 0.00437
Exploits: 0, References: 4

Positive Technologies
added 2022/08/09 12:0 a.m., 4 views

PT-2022-4896 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 and earlier; Adobe Commerce versions 2.3.7-p3 and earlier; Adobe Commerce versions 2.4.4 and earlier. Description: The issue is related to errors in processing XML requests, which can allow a remote attacker to...

CVSS: 9.1, AI score: 8.6, EPSS: 0.04187
Exploits: 0, References: 11

OSV
added 2018/12/03 4:29 p.m., 3 views

CVE-2018-1002007

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable htmlid...

CVSS: 4.8, AI score: 5.8, EPSS: 0.02582
Exploits: 5, References: 3