292 matches found
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from legacy engineering designs and factory-level diagnostic software. This vulnerability may allow malicious applications to gain access to the...
CVE-2026-1903
The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2026-1903
The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2026-1903 Ravelry Designs Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute
The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2026-1903 Ravelry Designs Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute
The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2026-1903
The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2026-1903
CVE-2026-1903 concerns the WordPress plugin Ravelry Designs Widget (versions up to 1.0.0). The vulnerability is a stored XSS via the shortcode attribute sb_ravelry_designs layout. Exploitation requires authenticated access at contributor level or higher, and would cause arbitrary scripts to run w...
WordPress plugin Ravelry Designs Widget 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-8079
The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sb ravelry designs' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...
WordPress Ravelry Designs Widget plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'sbravelrydesigns' Shortcode 'layout' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ravelry Designs Widget versions = 1.0.0...
ChartAttack: Testing the Vulnerability of LLMs to Malicious Prompting in Chart Generation
Multimodal large language models MLLMs are increasingly used to automate chart generation from data tables, enabling efficient data analysis and reporting but also introducing new misuse risks. In this work, we introduce ChartAttack, a novel framework for evaluating how MLLMs can be misused to...
CVE-2024-39654
Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through = 2.2.12...
WordPress Wbcom Designs plugin <= 2.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Wbcom Designs versions = 2.1.1...
CVE-2025-67582
Missing Authorization vulnerability in wbcomdesigns Wbcom Designs lock-my-bp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wbcom Designs: from n/a through = 2.1.1...
EUVD-2025-202071
Missing Authorization vulnerability in wbcomdesigns Wbcom Designs lock-my-bp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wbcom Designs: from n/a through = 2.1.1...
CVE-2025-67582 WordPress Wbcom Designs plugin <= 2.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in wbcomdesigns Wbcom Designs lock-my-bp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wbcom Designs: from n/a through = 2.1.1...
CVE-2025-67582 WordPress Wbcom Designs plugin <= 2.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in wbcomdesigns Wbcom Designs lock-my-bp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wbcom Designs: from n/a through = 2.1.1...
CVE-2025-67582
CVE-2025-67582 affects Wbcom Designs – Private Community for BuddyPress (Wbcom Designs) and is caused by Missing Authorization in lock-my-bp. The Wordfence vulnerability listing confirms the affected range up to version 2.1.1 and notes a Patched status, indicating a fix has been released. The CVS...
WordPress plugin Wbcom Designs 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
EUVD-2025-38012
Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection.This issue affects Sign-up Sheets: from n/a through = 2.3.2...