23 matches found
CVE-2026-23489
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
CVE-2026-23489 Fields GLPI plugin vulnerable to RCE in dropdown generation
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
PT-2026-25776
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
EUVD-2020-23750
Malware in sbrugna...
EUVD-2024-53003
Malicious code in bioql PyPI...
MAL-2025-31786 Malicious code in react-flex-dropdowns (npm)
The package react-flex-dropdowns was found to contain malicious code...
Malicious code in react-flex-dropdowns (npm)
The package react-flex-dropdowns was found to contain malicious code...
CVE-2020-36172
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS...
CVE-2024-56204
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Sinking Dropdowns sinking-dropdowns allows Privilege Escalation. This issue affects Sinking Dropdowns: from n/a through <= 1.25...
PT-2024-36739 · Social · Sinking Dropdowns
Name of the Vulnerable Software and Affected Versions: Sinking Dropdowns versions n/a through 1.25. Description: A Cross-Site Request Forgery (CSRF) vulnerability is present in Yonatan Reinberg of Social Ink's Sinking Dropdowns, allowing Privilege Escalation. Recommendations: For versions n/a throug...
WordPress plugin Sinking Dropdowns cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
WordPress Sinking Dropdowns plugin <= 1.25 - CSRF to Privilege Escalation vulnerability
CSRF to Privilege Escalation vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin Sinking Dropdowns versions <= 1.25...
Cross-site Scripting (XSS)
djangoucamlookup is vulnerable to Cross-Site Scripting (XSS) attacks. The invocation of jquery select2 to provide searchable dropdowns does not sanitize data coming from the lookup, allowing an attacker to inject and execute malicious JavaScript through the formatResult function of the component Lookup...
Cross-Site Scripting in semantic-ui-search
All versions of semantic-ui-search are vulnerable to Cross-Site Scripting. Lack of output encoding on the selection dropdowns can lead to user input being executed instead of printed as text. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made...
GHSA-P9VV-3945-X93H Cross-Site Scripting in semantic-ui-search
All versions of semantic-ui-search are vulnerable to Cross-Site Scripting. Lack of output encoding on the selection dropdowns can lead to user input being executed instead of printed as text. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made...