7697 matches found
CVE-2026-13246
The CVE concerns GiveWP – Donation Plugin and Fundraising Platform for WordPress (up to version 4.16.0). A Stored XSS exists in the givewp_campaign_comments shortcode (block_id and similar attributes) due to insufficient sanitization and escaping in CampaignCommentsShortcode::parseAttributes() an...
CVE-2026-53606
A flaw was found in sanitize-html, an HTML sanitizer library. This vulnerability allows a remote attacker to perform Cross-Site Scripting XSS attacks. The issue occurs because the sanitizer does not properly validate dangerous URI schemes, such as javascript:, when they are used in certain HTML...
CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. id: CVE-2023-43177 info: name: CrushFTP 10.5.1 - Unauthenticated Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: critical description: | CrushFTP prior...
Magento 2 Amasty Order Attributes < 4.0.0 - Unauthenticated Arbitrary File Upload
Amasty Order Attributes for Magento 2 4.0.0 contains an unrestricted file upload vulnerability caused by lack of authentication and validation in the upload endpoint, letting unauthenticated attackers upload arbitrary files including PHP, enabling remote code execution or malware hosting. id:...
angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
A flaw exists in the template compiler of Angular as it fails to properly classify certain URL-bearing attributes including SVG and MathML attributes such as href, xlink:href, or the attributeName of SVG animation elements as requiring strict sanitization. As a result, an attacker who can supply...
kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks
A flaw was found in the Linux kernel's XFS filesystem. When adding extended attributes xattrs, which are metadata associated with files, to leaf blocks, incorrect adjustments to the freemap can occur. This inconsistency allows the entries array and free space to overlap, leading to an assertion...
CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)
Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...
CVE-2026-13757
CVE-2026-13757 affects p11-kit. The RPC attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() can form a mutually-recursive call chain with no recursion depth limit when handling nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TE...
CVE-2026-46625
A flaw was found in JavaScript Cookie js-cookie. This vulnerability allows a remote attacker to manipulate cookie attributes by exploiting a prototype pollution issue within the assign helper function. When processing specially crafted JSON input, the flaw enables an attacker to hijack the...
CVE-2026-57948
Pinpoint (through version 3.1.0) has an insecure session management vulnerability where the pinpointJwt cookie lacks HttpOnly and Secure attributes. This allows JavaScript access via document.cookie and cleartext transmission over HTTP, enabling potential exfiltration of the session token via sto...
PT-2026-53082
Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An integer overflow occurs when the software reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response. This value is used in the allocation num attrs sizeoflibssh2...
CVE-2026-11364
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...
CVE-2026-11597
The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...
CVE-2026-11597 Surbma | Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...
CVE-2026-11597
The CVE concerns the WordPress plugin “Surbma | Infusionsoft Shortcode” for versions up to 2.0.1. It enables Stored Cross-Site Scripting via the infusionsoft-form shortcode by unsafely handling user-supplied account and id attributes in surbma_infusionsoft_shortcode_shortcode(), which are concate...
EUVD-2026-39951
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...
CVE-2026-11364 Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...
CVE-2026-11364
CVE-2026-11364 affects the Product Specifications for WooCommerce plugin for WordPress up to version 0.8.9. The root cause is missing capability checks and absent nonce verification in the __invoke() methods of AttributeGroupController and AttributeController, tied to AJAX actions dwps_modify_gro...
CVE-2026-52785
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to request historic work-package attributes using the timestamps parameter. This vulnerability is fix...
CVE-2026-52781
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants elements unrestricted data- attributes via :data wildcard. An attacker injects data-controller="poll-for-changes" into a work package description, causing Stimulus.js to mount ...