11993 matches found
CVE-2026-39977 flatpak-builder has a path traversal leading to arbitrary file read on host when installing licence files
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
EUVD-2026-21045
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' vulnerability
WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin = 2.10.1.1 - Authenticated Author+ Stored Cross-Site Scripting via 'settingsjs' vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions = 2.10.1.1...
PT-2026-31705
Name of the Vulnerable Software and Affected Versions flatpak-builder versions 1.4.5 through 1.4.7 Description flatpak-builder, a tool for building flatpaks from source, contains a flaw where the 'license-files' manifest key can be exploited to read arbitrary files from the host system and includ...
flatpak-builder 路径遍历漏洞
flatpak-builder is an Open Source Flatpak application build tool developed by Flatpak. Versions of flatpak-builder from 1.4.5 to 1.4.8 had a path traversal vulnerability. This vulnerability stemmed from insufficient path parsing and validation of the keys in the license-files list, which could...
accessiqlue (=2025.12.21154255), agent-builder (>=0.0.2 <=0.1.7) +320 more potentially affected by CVE-2026-40087 via langchain-core (>=1.0.0a8 <=1.2.24)
langchain-core PYPI version =1.0.0a8, =0.0.2, =0.1.0, =0.1.0, =0.1.1 - ai-benchmark-analyzer =2025.12.21193050 - ai-claim-essence =2025.12.20202921 - ai-design-insights =2025.12.21145447 - ai-mysql-translator =2025.12.21101721 - ai-reliability-analyzer =2025.12.21171415 - ai-risk-extractor...
EUVD-2024-47414
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ parameter in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-2509
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...
CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...
CVE-2026-2509
CVE-2026-2509: The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 2.0.8. The root cause is an incomplete event handler blocklist in the pagelayer_xss_content filtering function, which blocks common event handlers but n...
CVE-2026-2481
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settingsjs' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2481 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]'
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settingsjs' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2481 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]'
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settingsjs' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2481
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settingsjs' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2481
CVE-2026-2481 affects the Beaver Builder Page Builder – Drag and Drop Website Builder for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw in the plugin's settings[js] parameter, arising from insufficient input sanitization and output escaping in versions up to and including 2.1...
Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in OWASP Java HTML Sanitizer via HtmlPolicyBuilder noscript/style Tags (v20240325.1), affects watsonx.data
Summary A vulnerability in OWASP Java HTML Sanitizer v20240325.1 allows Cross-Site Scripting XSS when HtmlPolicyBuilder permits noscript or style tags with allowTextIn. Unsanitized CSS or unexpected tags can be exploited by attackers. No patch is available at the time of this publication. This ca...
EUVD-2026-20406
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through = 1.8.1...