CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-39882 affecting package moby-containerd-cc for versions less than 1.7.7-11

CVE-2026-39882 affecting package moby-containerd-cc for versions less than 1.7.7-11. A patched version of the package is available...

EUVD-2026-15666

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyMedi mymedi allows Reflected XSS.This issue affects MyMedi: from n/a through 1.7.7...

CVE-2026-25351 WordPress MyMedi theme < 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyMedi mymedi allows Reflected XSS.This issue affects MyMedi: from n/a through 1.7.7...

CVE-2026-25351

The CVE-2026-25351 entry concerns the WordPress theme MyMedi (MyMedi) with a Reflected Cross-Site Scripting flaw in MyMedi up to version 1.7.7, caused by improper input neutralization during web page generation. The Wordfence report confirms affected software as MyMedi

WordPress MyMedi theme < 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MyMedi versions 1.7.7...

PT-2026-6776

Name of the Vulnerable Software and Affected Versions Lute versions prior to 1.7.7 Description Lute, a structured Markdown engine supporting Go and JavaScript, contains a Stored Cross-Site Scripting XSS issue in its Markdown rendering engine. An attacker can inject malicious JavaScript into...

PT-2026-2037

Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A buffer overflow issue exists in the strcpy function within the /goform/formPictureUrl file. The manipulation of the importpictureurl argument can trigger this issue, allowing for remote attacks...

Grist 安全漏洞

Grist is a modern relational spreadsheet open-sourced by Grist. A security vulnerability exists in Grist versions prior to 1.7.7, which stems from a partial read permission user having access to the full document change history, potentially leading to the disclosure of sensitive information...

PT-2024-22843 · Vvvebjs · Vvvebjs

Name of the Vulnerable Software and Affected Versions: VvvebJs versions prior to 1.7.7 Description: A Reflected Cross-Site Scripting XSS issue allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in "save.php". This enables attackers to perfo...

AZL-35887 CVE-2024-28180 affecting package moby-containerd-cc for versions less than 1.7.7-6

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

WordPress plugin Pagelayer cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

AZL-34542 CVE-2023-3978 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...

CVE-2021-24184

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions...

ALPINE-CVE-2016-7946

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service infinite loop via vectors involving length fields...