29 matches found
CVE-2026-28223
Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area...
CVE-2026-28223 Wagtail: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface
Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area...
Wagtail cross-site scripting vulnerability
Wagtail is an open-source content management system (CMS) developed by Wagtail. Versions of Wagtail prior to 6.3.8, 7.0.6, 7.2.3, and 7.3.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the confirmation messages in the wagtail.contrib.simple_translation module, which...
Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface
Impact: A stored Cross-site Scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the "Translate" action, cause...
CVE-2025-61775 Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...
Vickey security vulnerability
Vickey is a microblogging platform open-sourced by Whimsies YATeam. A security vulnerability exists in Vickey versions prior to 2025.10.0 that stems from an unexpired email confirmation link that can be reused, potentially resulting in verified email addresses receiving duplicate confirmation...
EUVD-2023-40588
Malicious code in bioql PyPI...
CVE-2023-36644
Incorrect Access Control in ITB-GmbH TradePro v9.5 allows remote attackers to receive all order confirmations from the online shop via the printmail plugin...
CVE-2010-5140
wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees...
CVE-2025-30208
creationtimestamp | type | source
---|---|---
2025-03-24 10:24:13+00:00 | published-proof-of-concept | https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w
2025-03-24 20:34:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ll5m6iaxgn2x
2025-03-24 20:54:47+00:00 | seen | ...
CVE-2024-46209
creationtimestamp | type | source
---|---|---
2025-01-06 18:26:21+00:00 | seen | https://infosec.exchange/users/cve/statuses/113782815498541746
2025-01-06 19:15:41+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3tu6u4c22f
2025-01-06 19:47:35+00:00 | seen | ...
PT-2024-35958 · Unknown · Sp-Php-Email-Handler
Name of the Vulnerable Software and Affected Versions: sp-php-email-handler versions prior to 1.0.0
Description: The sp-php-email-handler PHP package is vulnerable to abuse, allowing malicious actors to specify arbitrary email recipients and include user-provided content in confirmation emails...
MAL-2024-1603 Malicious code in icon-reactjs (npm)
This package is considered malicious because it contains code to spam Telegram channels and WhatsApp channels with fake payment confirmations...
CVE-2023-36644
CVE-2023-36644 affects ITB-GmbH TradePro v9.5. The issue stems from Incorrect Access Control in the printmail plugin, enabling remote attackers to retrieve all order confirmations from the online shop. Connected sources corroborate the affected product (TradePro v9.5) and the vulnerability class ...
ITB-GmbH TradePro security vulnerability
ITB-GmbH TradePro is a complete B2B e-shop from ITB-GmbH. A security vulnerability exists in ITB-GmbH TradePro version v9.5, which stems from incorrect access control. A remote attacker uses the vulnerability to receive all order confirmations from the online store via the printmail plugin...
PT-2024-12573 · Itb Gmbh · Itb-Gmbh Tradepro
Name of the Vulnerable Software and Affected Versions: ITB-GmbH TradePro version 9.5
Description: The issue allows remote attackers to bypass access controls and receive all order confirmations from the online shop via the printmail plugin.
Recommendations: For ITB-GmbH TradePro version 9.5,...