PT-2026-20859
Name of the Vulnerable Software and Affected Versions: GIMP (affected versions not specified). Description: A flaw exists in GIMP’s parsing of XWD files, leading to a potential out-of-bounds write. This can allow a remote attacker to execute arbitrary code on systems running affected versions of GIMP...
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The...
GIMP Security Vulnerability
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which allows attackers to exploit disclosed security flaws for malicious purposes...
PT-2026-20613
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the wa order number save number field function. This makes it possible...
PT-2026-20726
Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hello FSE: from n/a through = 1.0.6...
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TrackerUpdate...
PT-2026-20855
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: A flaw exists within the TrackerUpdate process of PDF-XChange Editor that allows local attackers to escalate privileges on affected systems. An attacker must first have the ability...
WordPress plugin Apollo13 Framework Extensions Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
org.webjars.npm:github-com-nhn-tui-image-editor (=3.10.1), org.webjars.npm:tui-image-editor (=3.15.3) potentially affected by CVE-2026-27013 via org.webjars.npm:fabric (>=3.6.0 <=4.5.0)
org.webjars.npm:fabric MAVEN version >=3.6.0, <=4.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:fabric and may be impacted: - org.webjars.npm:github-com-nhn-tui-image-editor =3.10.1 - org.webjars.npm:tui-image-editor =3.15.3 Source...
CVE-2026-27177
MajorDoMo exposes a stored XSS via the /objects/?op=set endpoint, usable without authentication for IoT integration. User-supplied property values are stored raw and rendered unescaped in the admin property editor (SOURCE as a paragraph and VALUE in a textarea) on page load. The vulnerability als...
CVE-2026-27177 MajorDoMo Stored Cross-Site Scripting via Property Set Endpoint
MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intentionally unauthenticated for IoT device integration. User-supplied property values are stored raw in the database without sanitization. When an administrat...
Important: Red Hat Security Advisory: gimp security update
An update for gimp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2025-13727
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2025-13727 Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2025-13727
CVE-2025-13727 affects Video Share VOD – Turnkey Video Site Builder Script (WordPress) up to version 2.7.11. It is a Stored XSS via plugin settings exploitable by authenticated editors or higher, with impact on multi-site installs and when unfiltered_html is disabled. Wordfence and related source...
[SECURITY] Fedora 43 Update: vim-9.1.2146-1.fc43
VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more...
WordPress Video Share VOD plugin <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Video Share VOD versions <= 2.7.11...
MajorDoMo Cross-Site Scripting Vulnerability
MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. MajorDoMo has a cross-site scripting vulnerability. This vulnerability stems from the fact that attribute values provided by users through the /objects/?op=set endpoint are stored without properly...