43 matches found

EUVD
added 5 days ago | 7 views

EUVD-2026-37843

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00243
Exploits: 0 | References: 8
Vulnrichment
added 2026/05/27 5:26 p.m. | 8 views

CVE-2026-5509 Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

CVSS: 8.5 | AI score: 6.2 | EPSS: 0.02027
Exploits: 0 | References: 5
CVE
added 2026/05/27 5:26 p.m. | 34 views

CVE-2026-5509

The CVE-2026-5509 entry describes an authenticated command-injection flaw in TP-Link Archer BE450 v1 and BE7200 v1 routers. After logging into the admin web interface, an attacker can inject crafted input via the browser’s developer console that is passed to backend system commands without suffic...

CVSS: 8.5 | AI score: 6.2 | EPSS: 0.02027
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2026/04/02 8:27 p.m. | 12 views

CVE-2026-35467

CVE-2026-35467 concerns unprotected storage of API keys in a temporary browser client (IndexedDB), allowing exposure of encryption credentials via JavaScript console or similar errors. Multiple sources (NVD, Red Hat, ENISA EUVD, CIRCL, CVE List, AttackersKB, CVE records) describe the same issue w...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00232
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2026/03/02 12:0 a.m. | 3 views

WordPress Plugin Web Accessibility by accessiBe Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Web Accessibility by...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00282
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/20 7:22 a.m. | 5 views

CVE-2025-13113

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00282
Exploits: 0 | References: 1
NVD
added 2026/02/19 7:17 a.m. | 7 views

CVE-2025-13113

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

CVSS: 5.3 | EPSS: 0.00282
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/19 3:25 a.m. | 3 views

CVE-2025-13113 Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00282
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/27 9:23 p.m. | 5 views

CVE-2025-14756

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVSS: 8.8 | AI score: 6 | EPSS: 0.02679
Exploits: 0 | References: 1
OSV
added 2026/01/26 7:16 p.m. | 1 views

CVE-2025-14756

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.02679
Exploits: 0 | References: 5
Cvelist
added 2026/01/26 6:17 p.m. | 27 views

CVE-2025-14756 Authenticated Command Injection Vulnerability in Archer MR600

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVSS: 8.5 | EPSS: 0.02679
Exploits: 0 | References: 5
Vulnrichment
added 2026/01/26 6:17 p.m. | 4 views

CVE-2025-14756 Authenticated Command Injection Vulnerability in Archer MR600

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVSS: 8.5 | AI score: 6 | EPSS: 0.02679
Exploits: 0 | References: 5
EUVD
added 2026/01/26 6:17 p.m. | 4 views

EUVD-2025-206350

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVSS: 8.5 | AI score: 6 | EPSS: 0.02679
Exploits: 0 | References: 3
ATTACKERKB
added 2026/01/26 6:17 p.m. | 5 views

CVE-2025-14756

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVSS: 8.5 | AI score: 6 | EPSS: 0.02679
Exploits: 0 | References: 6
CVE
added 2026/01/26 6:17 p.m. | 20 views

CVE-2025-14756

CVE-2025-14756 affects TP-Link Archer MR600 v5. The vulnerability is an authenticated OS command injection in the admin interface, allowing an attacker to execute system commands with a limited character length input via the browser developer console. Published sources indicate this can lead to s...

CVSS: 8.8 | AI score: 6 | EPSS: 0.02679
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/01/26 12:0 a.m. | 3 views

PT-2026-4796

Name of the Vulnerable Software and Affected Versions TP-Link Archer MR600 version v5 Description A command injection issue exists in the admin interface component. Authenticated attackers can execute system commands with a limited character length through crafted input in the browser developer...

CVSS: 8.5 | AI score: 6.1 | EPSS: 0.02679
Exploits: 0 | References: 11
GithubExploit
added 2025/12/03 5:21 p.m. | 269 views

Exploit for CVE-2025-55182

GitHub CVE Scanner 🔍 Quickly scan GitHub repositories for c...

CVSS: 10 | AI score: 7.8 | EPSS: 0.99562
Exploits: 383
Vulnrichment
added 2025/11/05 12:0 a.m. | 3 views

CVE-2025-63418

A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...

AI score: 5.8 | EPSS: 0.00182
Exploits: 1 | References: 1
Cvelist
added 2025/11/05 12:0 a.m. | 6 views

CVE-2025-63418

A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...

EPSS: 0.00182
Exploits: 1 | References: 1
Positive Technologies
added 2025/11/05 12:0 a.m. | 2 views

PT-2025-45159

Name of the Vulnerable Software and Affected Versions SelfBest platform version 2023.3 Description A DOM-based Cross-Site Scripting (XSS) issue exists in the SelfBest platform. This allows attackers to execute arbitrary JavaScript within a logged-in user's session. The attack vector involves...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00182
Exploits: 1 | References: 3