GO-2026-4861 Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra

Hydra has Reflected XSS via errorhint parameter in github.com/ory/hydra. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

CVE-2026-25304

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Jaroti jaroti allows Reflected XSS.This issue affects Jaroti: from n/a through 1.4.8...

CVE-2026-25354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Reebox reebox allows Reflected XSS.This issue affects Reebox: from n/a through 1.4.8...

CVE-2026-25304 WordPress Jaroti theme < 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Jaroti jaroti allows Reflected XSS.This issue affects Jaroti: from n/a through 1.4.8...

CVE-2026-25304 WordPress Jaroti theme < 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Jaroti jaroti allows Reflected XSS.This issue affects Jaroti: from n/a through 1.4.8...

WordPress Plugin Lefebvre Community Events 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

SUSE CVE-2011-2698

Off-by-one error in the elemcellidaux function in epan/dissectors/packet-ansia.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service infinite loop via an invalid packet...

SUSE CVE-2013-1443

The authentication framework django.contrib.auth in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service CPU consumption via a long password which is then hashed...

CVE-2022-1194

The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability...

CVE-2022-1541

The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

WordPress plugin Video Slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of the WordPress Video Slider plugin prior to 1.4.8,...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck versions prior to 1.4.8, 1.5.6, and 1.6.1. An attacker exploited the vulnerability to move a stack with...