
15 matches found

Positive Technologies
added 2026/05/29 12:0 a.m., 7 views

PT-2026-44751

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1. This is due to insufficient output escaping on the post author's nickname in the statcounter addToTags function. The function is hooked to wp he...

6.4 CVSS, 6 AI score, 0.0004 EPSS
Exploits 0, References 7
CVE
added 2026/05/27 5:31 a.m., 9 views

CVE-2026-8698

CVE-2026-8698 affects the WordPress plugin Cryptocurrency Prijsvergelijking Widget (version 1.0). Root cause: insufficient output escaping in as_get_coin_shortcode(), which renders the 'width' (and 'height') shortcode attributes directly into the style attribute of an iframe without esc_attr(...

6.4 CVSS, 6 AI score, 0.00032 EPSS
Exploits 0, References 3
CNNVD
added 2026/05/14 12:0 a.m., 5 views

WordPress plugin Envira Gallery Lite cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0, References 1
CNNVD
added 2026/04/17 12:0 a.m., 4 views

WordPress plugin Pz-LinkCard security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

6.4 CVSS, 5.9 AI score, 0.00013 EPSS
Exploits 0, References 2
CNNVD
added 2026/04/15 12:0 a.m., 4 views

WordPress plugin List View Google Calendar security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.4 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits 0, References 2
CNNVD
added 2026/02/24 12:0 a.m., 5 views

DotCMS security vulnerability

DotCMS is an open-source content management system developed by DotCMS Inc., written in Java. It is used to manage content and content-driven websites and applications. DotCMS has a security vulnerability that stems from a sandbox escape issue in the Velocity scripting engine. This vulnerability...

9.9 CVSS, 6 AI score, 0.00073 EPSS
Exploits 0, References 1
CNNVD
added 2026/02/07 12:0 a.m., 2 views

WordPress plugin Wonka Slide cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 3
CVE
added 2025/12/16 5:3 p.m., 4 views

CVE-2023-53898

Rukovoditel 3.4.1 is affected by a stored cross-site scripting (XSS) vulnerability. The issue allows an authenticated attacker to inject iframe and script payloads into the application copyright text, enabling arbitrary JavaScript execution in victims’ browsers. Root cause, affected component, an...

5.4 CVSS, 6 AI score, 0.00024 EPSS
Exploits 1, References 3, Affected Software 1
NVD
added 2025/12/01 3:15 p.m., 1 views

CVE-2025-64030

Eximbills Enterprise 4.1.5 Built on 2020-10-30 is vulnerable to authenticated stored cross-site scripting CWE-79 via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...

5.4 CVSS, 0.00032 EPSS
Exploits 1, References 2
Tenable Nessus
added 2025/11/19 12:0 a.m., 3 views

AlmaLinux 9 : redis (ALSA-2025:20926)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:20926 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

9.9 CVSS, 9.2 AI score, 0.11111 EPSS
Exploits 14, References 6
RedHat Linux
added 2025/11/11 3:7 p.m., 2 views

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.9 CVSS, 8.2 AI score, 0.11111 EPSS
Exploits 14, References 5
Tenable Nessus
added 2025/11/10 12:0 a.m., 1 views

AlmaLinux 10 : valkey (ALSA-2025:19675)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19675 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

9.9 CVSS, 9.2 AI score, 0.11111 EPSS
Exploits 14, References 6
OSV
added 2025/10/29 12:0 a.m., 3 views

ALSA-2025:19238 Important: redis:6 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

9.9 CVSS, 8.4 AI score, 0.11111 EPSS
Exploits 14, References 10
Patchstack
added 2024/06/03 12:0 a.m., 2 views

Joomla core 4.0.0-4.4.5,5.0.0-5.1.1 - Authenticated Self-XSS in fancyselect list field layout vulnerability

Authenticated Self-XSS in fancyselect list field layout vulnerability discovered by ? in WordPress Core Joomla versions 4.0.0-4.4.5,5.0.0-5.1.1...

5.4 CVSS, 7 AI score, 0.00038 EPSS
Exploits 0, References 1, Affected Software 1
OSV
added 2021/10/13 9:15 a.m., 0 views

CVE-2021-20800

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

5.4 CVSS, 6.2 AI score
Exploits 0, References 2