36749 matches found
CVE-2026-57695
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through = 5.1.0...
CVE-2026-57409
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.1.0...
CVE-2026-57695
The CVE-2026-57695 entry relates to the WordPress Document Gallery plugin (
CVE-2026-57695 WordPress Document Gallery plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through = 5.1.0...
CVE-2026-57380 WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...
firefox: thunderbird: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
firefox: thunderbird: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
firefox: thunderbird: Sandbox escape in the DOM: Navigation component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...
ESAFENET CDG - Arbitrary File Download
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. id: CVE-2019-9632 info: name: ESAFENET CDG - Arbitrary File Download author: pdteam severity: hi...
WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still...
XWiki Platform - Unauthorized Document History Access
A vulnerability in XWiki Platform's REST API allows unauthorized users to access document history information. The REST API endpoint exposes the history of any page including modification times, version numbers, author details username and display name, and version comments, regardless of access...
ColumbiaSoft DocumentLocator - Improper Authentication
Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by...
DomainMOD 4.13.0 - Cross-Site Scripting
DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...
Mongo-Express - Remote Code Execution
Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...
osTicket - Arbitrary File Read
Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...
firefox: thunderbird: Sandbox escape in the DOM: Navigation component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...
EUVD-2026-43227
Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...
CVE-2026-13116
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...
PT-2026-57388
Name of the Vulnerable Software and Affected Versions PDF Invoices & Packing Slips for WooCommerce versions prior to 5.14.1 Description An Insecure Direct Object Reference IDOR exists in the generate document shortcode function due to missing validation on a user-controlled key. Authenticated...
CVE-2026-41482
Technical details of CVE-2026-41482 are not publicly available in the provided connected documents. Monitor for updates and refer to the initial description for basic vulnerability context (Frappe Chrome PDF Generator path traversal/LFI fixed in 16.18.3).