34 matches found
CVE-2026-49971 Laravel-Mediable < 7.0.0 Stored XSS via SVG File Upload
Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...
CVE-2026-12505 affecting package cifs-utils for versions less than 7.6-1
CVE-2026-12505 affecting package cifs-utils for versions less than 7.6-1. An upgraded version of the package is available that resolves this issue...
Linux Distros Unpatched Vulnerability : CVE-2026-40169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an ou...
EUVD-2026-20152
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through 7.0.00...
CVE-2026-39484 WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through 7.0.00...
CVE-2026-39484
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through 7.0.00...
WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Or Benit in WordPress Plugin Hide My WP Ghost versions 7.0.00...
CVE-2025-32355
CVE-2025-32355 affects Rocket TRUfusion Enterprise up to version 7.10.4.0, where the built-in reverse proxy can be misconfigured to accept absolute URLs in the HTTP request line. This enables server-side requests to load arbitrary resources via the proxy, constituting a server-side request forger...
CVE-2025-12748 affecting package libvirt for versions less than 7.10.0-11
CVE-2025-12748 affecting package libvirt for versions less than 7.10.0-11. A patched version of the package is available...
CVE-2025-67922
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...
CVE-2025-67922
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...
CVE-2025-67544 WordPress Shopkeeper Extender plugin < 7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS.This issue affects Shopkeeper Extender: from n/a through 7.0...
PT-2025-49920
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS.This issue affects Shopkeeper Extender: from n/a through 7.0...
AZL-70199 CVE-2025-12748 affecting package libvirt for versions less than 7.10.0-11
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...
CVE-2025-61593 Cursor CLI Agent: Sensitive File Overwrite Bypass
Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files i.e. /.cursor/cli.json allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A...
WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by 0xd4rk5id3 in WordPress Plugin SUMO Memberships for WooCommerce versions 7.8.0...
Linux Distros Unpatched Vulnerability : CVE-2021-29428
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and...
CVE-2025-30964
Server-Side Request Forgery SSRF vulnerability in ThemeGoods Photography photography allows Server Side Request Forgery.This issue affects Photography: from n/a through 7.7.6...
WordPress Site Reviews plugin < 7.2.5 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Site Reviews versions 7.2.5...
CVE-2022-2218
Cross-site Scripting XSS - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...