5 matches found
CVE-2026-1912
CVE-2026-1912 concerns the WordPress plugin Citations tools, affected in all versions up to 0.3.2. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the shortcodes/ctdoi code attribute, caused by insufficient input sanitization and output escaping on user-supplied attributes. Ex...
CVE-2025-13656
The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2024-7522
The Mozilla Foundation Security Advisory describes this flaw as: Editor code failed to check an attribute value. This could have led to an out-of-bounds read...
PT-2021-6170
Name of the Vulnerable Software and Affected Versions: PJSIP (affected versions not specified). Description: The issue is related to an integer underflow scenario when processing a STUN message with an ERROR-CODE attribute. This can be exploited by a malicious actor located within the victim's network...
Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...