100 matches found
EUVD-2026-42267
Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...
Malicious code in @content-editor/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af120addbb0e18e1202a82729c25dc190dba070fee695cc22bcb91c7eea6ad25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @contenteditor-shared/content-editor-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fc086285355b04152703d1c9de2c2a48e3b70580c5f8cb02fa60918e52f47a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6607 Malicious code in @content-editor/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af120addbb0e18e1202a82729c25dc190dba070fee695cc22bcb91c7eea6ad25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6608 Malicious code in @contenteditor-shared/content-editor-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fc086285355b04152703d1c9de2c2a48e3b70580c5f8cb02fa60918e52f47a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Joomla! Extension 'JCE' < 2.9.99.5 Remote Code Execution
The version of the JCE Joomla Content Editor extension for the Joomla! application running on the remote host is prior to 2.9.99.5. It is, therefore, affected by an improper access control vulnerability. The extension allows the creation of new editor profiles for unauthenticated users, ultimatel...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-48907link is external Widget Factory Joomla Content Editor Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for...
Widget Factory Joomla Content Editor Improper Access Control Vulnerability
Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users...
Exploit for CVE-2026-48907
๐จ CVE-2026-48907 - JCE Joomla Content Editor Unauthenticated...
JoomlaSniper
JoomlaSniper CVE-2026-48907 โ Joomla JCE Editor Unauthen...
CVE-2025-15369
The Xpro Addons โ 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...
CVE-2026-48907 Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...
CVE-2026-48907 Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...
CVE-2025-15369
The Xpro Addons โ 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...
CVE-2025-15369
CVE-2025-15369 affects the WordPress plugin Xpro Addons โ 140+ Widgets for Elementor. All versions up to and including 1.5.0 are vulnerable due to a missing capability check in the get_content_editor function, enabling unauthenticated attackers to modify data and create published Xpro templates. ...
CVE-2025-15369
The Xpro Addons โ 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...
CVE-2025-15369 Xpro Addons โ 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation
The Xpro Addons โ 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...
WordPress plugin Xpro Addons โ 140+ Widgets for Elementor ๅฎๅ จๆผๆด
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-42086
The Xpro Addons โ 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get content editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...
EUVD-2026-24135
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...