CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

EUVD-2026-31208

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

CVE-2026-4811 WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

PT-2026-42543

Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that executes in the context of any visitor's browser, potentially leading to session hijacking, credential...

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have a security vulnerability. This vulnerability arises from failing to clean up the path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field...

PT-2026-42393

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

PT-2026-42609

Summary The uploadViaURL path in the v1/v2 attachment API did not enforce NC ATTACHMENT FIELD SIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to download arbitrarily large files, exhausting disk space and causing denial ...

CVE-2026-39405 Frappe has Path Transversal via SCORM

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

EUVD-2026-31092

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

CVE-2026-22315

CVE-2026-22315 : An Incorrect Privilege Assignment vulnerability affects the Mesalvo Meona ecosystem, specifically the Meona Client Launcher Component (through 19.06.2020 15:11:49) and the Meona Server Component (through 2025.04 5+323020). The issue enables export of user data, including cleartex...

RHSA-2026:19362 Red Hat Security Advisory: gimp security update

Bulletin has no description...

Astra Linux - уязвимость в gimp

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow attacks. Through a specially crafted XCF file, the program will allocate a large amount of memory, leading to insufficient memory resources or the program crashing...

Astra Linux - уязвимость в sudo

In Sudo before 1.9.12p2, the sudoedit also known as -e feature improperly handles additional arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process. This can lead to...

Astra Linux - уязвимость в vim

Use After Free in the GitHub repository vim/vim before version 9.0.0389...

Astra Linux - уязвимость в vim

Improper validation of specified quantities in the input in the GitHub repository’s Vim/Vim version prior to 9.0.0218...

Astra Linux - уязвимость в dojo

In Dijit versions prior to 1.11.11, as well as versions that are equal to or greater than 1.12.0 and less than 1.12.9, and also versions that are equal to or greater than 1.13.0 and less than 1.13.8, 1.14.0 and less than 1.14.7, 1.15.0 and less than 1.15.4, and 1.16.0 and less than 1.16.3, there ...

Astra Linux - уязвимость в vim

Heap-based Buffer Overflow in the GitHub repository vim/vim before version 9.0.1376...