11988 matches found
CVE-2026-3694
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the btbbbutton shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-3694 Bold Page Builder <= 5.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the btbbbutton shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-3694
CVE-2026-3694 affects the Bold Page Builder plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the bt_bb_button shortcode’s 'text' attribute across all versions up to and including 5.6.8. It stems from insufficient input sanitization and output escaping for use...
EUVD-2026-30244
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the btbbbutton shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-3694
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the btbbbutton shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-3694 Bold Page Builder <= 5.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the btbbbutton shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
simdjson 输入验证错误漏洞
Simdjson is an open-source, high-performance JSON parsing library developed by Simdjson. Versions of Simdjson prior to 4.6.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from the stringbuilder::escapeandAppend function, which had an integer overflow whe...
Strapi SQL注入漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 4.26.1 and 5.33.2 contained a SQL injection vulnerability. This vulnerability stemmed from the Content-Type Builder API’s database query injection mechanism. This allowe...
VulnCheck KEV: CVE-2026-47100
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...
PT-2026-40904
An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string builder::escape and append" when processing very large input strings on platforms with limited "size t" width e.g., 32-bit builds. The overflow can cause insufficient buffer...
PT-2026-40882
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt bb button shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
SQL Injection
Overview @strapi/content-type-builder is a Create and manage content types Affected versions of this package are vulnerable to SQL Injection via the column.defaultTo attribute in the content type creation or modification. An attacker can execute arbitrary database statements by supplying crafted...
@beardeddudes/strapi-types (>=0.1.0 <=0.1.1), @bimbeo160/admin (=4.12.2) +70 more potentially affected by CVE-2026-22599 via @strapi/plugin-content-type-builder (>=4.0.0 <=4.26.0)
@strapi/plugin-content-type-builder NPM version =4.0.0, =0.1.0, =4.12.2, =0.0.1, =1.0.9, =1.3.2, =4.1.12, =0.2.0, =1.0.0-alpha.2, =1.1.0, =1.4.0-rc.0 - @mtcndyl/strapi-plugin-firebase-auth =1.0.3 and more Source cves: CVE-2026-22599 Source advisory: OSV:GHSA-3XCQ-8MJW-H6MX...
@avorati/strapi-plugin-preview (=1.0.1), @catchmexz/fedin-cms (>=5.30.1 <=5.30.2) +7 more potentially affected by CVE-2026-22599 via @strapi/content-type-builder (>=5.0.0 <=5.33.1)
@strapi/content-type-builder NPM version =5.0.0, =5.30.1, =2.0.2, =5.0.0, =3.0.0-beta.1, =3.0.0-beta.2 - stronges =0.1.1 - test-lead =0.1.0 Source cves: CVE-2026-22599 Source advisory: OSV:GHSA-3XCQ-8MJW-H6MX...
@beardeddudes/strapi-types (>=0.1.0 <=0.1.1), @bimbeo160/admin (=4.12.2) +70 more potentially affected by CVE-2026-22599 via @strapi/plugin-content-type-builder (>=4.0.0-next.10 <=4.26.0)
@strapi/plugin-content-type-builder NPM version =4.0.0-next.10, =0.1.0, =4.12.2, =0.0.1, =1.0.9, =1.3.2, =4.1.12, =0.2.0, =1.0.0-alpha.2, =1.1.0, =1.4.0-rc.0 - @mtcndyl/strapi-plugin-firebase-auth =1.0.3 and more Source cves: CVE-2026-22599 Source advisory:...
SQL Injection
Overview @strapi/plugin-content-type-builder is a Strapi plugin to create content type Affected versions of this package are vulnerable to SQL Injection via the column.defaultTo attribute in the content type creation or modification. An attacker can execute arbitrary database statements by...
@avorati/strapi-plugin-preview (=1.0.1), @catchmexz/fedin-cms (>=5.30.1 <=5.30.2) +8 more potentially affected by CVE-2026-22599 via @strapi/content-type-builder (>=5.0.0-beta.6 <=5.33.1)
@strapi/content-type-builder NPM version =5.0.0-beta.6, =5.30.1, =2.0.2, =5.0.0, =3.0.0-beta.1, =3.0.0-beta.2 - stronges =0.1.1 - test-lead =0.1.0 Source cves: CVE-2026-22599 Source advisory: SNYK:JS-STRAPICONTENTTYPEBUILDER-16686876...
GHSA-3XCQ-8MJW-H6MX Strapi Vulnerable to SQL Injection in Content Type Builder
Summary of CVE-2026-22599 Vulnerability Details - CVE: CVE-2026-22599 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N 9.3 — Critical - Affected Versions: @strapi/content-type-builder =5.33.2 v5 or =4.26.1 v4 Description of CVE-2026-22599 A database-query...
Strapi Vulnerable to SQL Injection in Content Type Builder
Summary of CVE-2026-22599 Vulnerability Details - CVE: CVE-2026-22599 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N 9.3 — Critical - Affected Versions: @strapi/content-type-builder =5.33.2 v5 or =4.26.1 v4 Description of CVE-2026-22599 A database-query...
WordPress Bold Page Builder plugin <= 5.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Bold Page Builder versions = 5.6.8...