CVE-2026-1904
CVE-2026-1904 concerns the WordPress plugin Simple Wp colorfull Accordion (vulnerable through versions up to 1.0). The issue is a Stored Cross-Site Scripting (XSS) via the shortcodes’ title attribute in the accordion shortcode. Root cause: insufficient input sanitization and output escaping. Impa...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hp-bioscfg platform driver attempting to register an empty name attribute, which may cause kernel...
WordPress plugin AMP Enhancer – Compatibility Layer for Official AMP Plugin cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress Best-wp-google-map plugin <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Best-wp-google-map versions <= 2.1...
WordPress Flexi Product Slider and Grid for WooCommerce plugin <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion via 'theme' Shortcode Attribute vulnerability
Authenticated (Contributor+) Local File Inclusion via 'theme' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Flexi Product Slider and Grid for WooCommerce versions <= 1.0.5...
WordPress ZoomifyWP Free plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin ZoomifyWP Free versions <= 1.1...
WordPress Simple Plyr plugin <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'poster' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'poster' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Plyr versions <= 0.0.1...
WordPress Simple Wp colorfull Accordion plugin <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Wp colorfull Accordion versions <= 1.0...
beautiful-mermaid contains an SVG attribute injection issue that can lead to cross-site scripting (XSS)
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...
CVE-2026-26226
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...
CVE-2026-26226
The CVE-2026-26226 issue affects beautiful-mermaid versions prior to 0.1.3, where user-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without proper escaping. This enables SVG attribute injection that can lead to cross-site scripting (XSS) ...
CVE-2026-26226 beautiful-mermaid < 0.1.3 SVG Attribute Injection
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...
beautiful-mermaid cross-site scripting vulnerability
Beautiful-Mermaid is a visualization AI assistant tool developed by Craft Docs. Versions of Beautiful-Mermaid prior to 0.1.3 had a cross-site scripting vulnerability. This vulnerability stemmed from an SVG attribute injection issue, which could lead to cross-site scripting attacks when rendering...
PT-2026-8010
Name of the Vulnerable Software and Affected Versions: beautiful-mermaid versions prior to 0.1.3. Description: The software contains an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid sty...
USN-8041-1: Dottie vulnerability
Yuhan Gao and Peng Zhou discovered that Dottie was vulnerable to prototype pollution when altering the `__proto__` magical attribute. An attacker could possibly use this issue to achieve remote code execution...
CVE-2026-1885
The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-1827 IDE Micro code-editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...