17350 matches found
CVE-2026-0557
The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdaapp' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-0557
The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdaapp' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-0557
CVE-2026-0557 affects the WordPress WP Data Access plugin (versions up to 5.5.63). The issue is a Stored Cross-Site Scripting vulnerability via the wpda_app shortcode caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor level or ...
CVE-2026-0557 WP Data Access <= 5.5.63 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpda_app' Shortcode
The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdaapp' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-0557 WP Data Access <= 5.5.63 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpda_app' Shortcode
The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdaapp' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin WP Data Access 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
VulnCheck KEV: CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...
PT-2026-8062
The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpda app' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin One to one user Chat by WPGuppy 访问控制错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
PT-2026-8046
The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve...
WordPress WP Data Access plugin <= 5.5.63 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpda_app' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'wpdaapp' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Data Access versions = 5.5.63...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS, including versions Sequoia 15.7.4, Tahoe 26.3 and Sonoma 14.8.4. The vulnerabilities include memory corruption issues, unauthorized access to sensitive user data, and logging issues that could lead to unauthorized access to location information. The updat...
CVE-2026-1721 Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...
CVE-2026-20623
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data...
CVE-2026-20618
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data...
CVE-2026-20629
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data...
CVE-2026-20680
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data...
CVE-2026-20653
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user da...
Top 10 actions to build agents securely with Microsoft Copilot Studio
Organizations are rapidly adopting Copilot Studio agents, but threat actors are equally fast at exploiting misconfigured AI workflows. Mis-sharing, unsafe orchestration, and weak authentication create new identity and data‑access paths that traditional controls don’t monitor. As AI agents become...
CVE-2019-25346 thesystem 1.0 - 'server_name' SQL Injection
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...