CVE-2026-26223

SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

CVE-2026-26223

SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

UBUNTU-CVE-2026-26223

SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

CVE-2026-26223 SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area

SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

CVE-2026-26223

SPIP before 4.4.8 is vulnerable to Cross-Site Scripting in the private area via malicious iframe tags. The root cause is iframe content not properly sandboxed or escaped in the back-office. SPIP 4.4.8 fixes this by adding a sandbox attribute to iframe tags in the private area; the issue is not mi...

CVE-2025-71245

SPIP

CVE-2025-71245

...

CVE-2026-1646

The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-1646 Advance Block Extend <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute

The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-1646 Advance Block Extend <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute

The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-1646

CVE-2026-1646 affects the Advance Block Extend WordPress plugin (versions up to and including 1.0.4). The issue is a Stored Cross-Site Scripting (XSS) in the TitleColor attribute of the Latest Posts Gutenberg block, caused by insufficient input sanitization and output escaping. Exploitation requi...

PT-2026-20638

Name of the Vulnerable Software and Affected Versions Advance Block Extend plugin for WordPress versions through 1.0.4 Description The Advance Block Extend plugin for WordPress has a Stored Cross-Site Scripting issue. This is due to insufficient input sanitization and output escaping in the...

PT-2026-21306

Name of the Vulnerable Software and Affected Versions Svelte versions prior to 5.51.5 Description Svelte is susceptible to cross-site scripting XSS during server-side rendering. Utilizing spread syntax with untrusted data can lead to the inclusion of event handler properties in the generated HTML...

PT-2026-20843

SPIP before 4.4.8 allows Cross-Site Scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

WordPress Advance Block Extend plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability discovered by WordFence in WordPress Plugin Advance Block Extend versions = 1.0.4...

CVE-2026-20144 Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

CVE-2026-20144 Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

CVE-2026-23211 mm, swap: restore swap_space attr aviod kernel panic

In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swapspace attr aviod kernel panic commit 8b47299a411a "mm, swap: mark swap address space ro and add context debug check" made the swap address space read-only. It may lead to kernel panic if archpreparetoswap...

CVE-2026-2127 SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

CVE-2026-1807 InteractiveCalculator for WordPress <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...