15158 matches found

Positive Technologies
added 2026/03/13 12:0 a.m. | 3 views

PT-2026-25300

Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery. This issue affects Admin Menu Editor: from n/a through = 1.14.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 3
CNNVD
added 2026/03/13 12:0 a.m. | 2 views

WordPress plugin Admin Menu Editor cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

CVSS 4.3 | AI score 5.7 | EPSS 0.0002
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/13 12:0 a.m. | 2 views

PT-2026-25302

CVE-2026-32458 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection. This issue affects WOLF https://t.co/TCap5cW2sZ...

CVSS 7.6 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 3
OSV
added 2026/03/12 8:16 p.m. | 2 views

UBUNTU-CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVSS 5.5 | AI score 6.1 | EPSS 0.00016
Exploits: 0 | References: 4
UbuntuCve
added 2026/03/12 8:16 p.m. | 4 views

CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVSS 5.5 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 3
OSV
added 2026/03/12 7:17 p.m. | 1 view

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVSS 5.3 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 5
Snyk
added 2026/03/12 5:29 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the data-trix-serialized-attributes attribute bypassing the DOMPurify sanitizer. An attacker can execute arbitrary JavaScript code within the user's session by...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 2
vulnersOsv
added 2026/03/12 5:29 p.m. | 5 views

@burger-editor/blocks (>=4.0.0-alpha.1 <=4.0.0-alpha.7), @burger-editor/client (>=4.0.0-alpha.1 <=4.0.0-alpha.7) +4 more potentially affected by unknown CVE via trix (>=2.0.10 <=2.1.15)

trix NPM version =2.0.10, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =1.0.1, =1.0.3 Source cves: unknown CVE Source advisory: SNYK:JS-TRIX-15481278...

AI score 5.8
Exploits: 0
OSV
added 2026/03/12 5:29 p.m. | 1 view

GHSA-QMPG-8XG6-PH5Q Trix has a Stored XSS vulnerability through serialized attributes

Impact: The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a data-trix-serialized-attributes attribute bypasses the DOMPurify sanitizer. An attacker could craft HTML containing a data-trix-serialized-attributes attribute with a malicious payload that, when the content ...

CVSS 4.6 | AI score 6
Exploits: 0 | References: 6
Github Security Blog
added 2026/03/12 5:29 p.m. | 11 views

Trix has a Stored XSS vulnerability through serialized attributes

Impact: The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a data-trix-serialized-attributes attribute bypasses the DOMPurify sanitizer. An attacker could craft HTML containing a data-trix-serialized-attributes attribute with a malicious payload that, when the content ...

AI score 6
Exploits: 0 | References: 6 | Affected Software: 2
Snyk
added 2026/03/12 5:29 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the data-trix-serialized-attributes attribute bypassing the DOMPurify sanitizer. An attacker can execute arbitrary JavaScript code within the user's session by crafting HTML...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 2
Patchstack
added 2026/03/12 11:27 a.m. | 4 views

WordPress Mobile App Editor plugin <= 1.3.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by NumeX in WordPress Plugin Mobile App Editor versions = 1.3.1...

CVSS 9.1 | AI score 5.8 | EPSS 0.00059
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 8:7 a.m. | 2 views

WordPress WP Front User Submit plugin < 5.0.6 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Mike Gozdiskowski in WordPress Plugin WP Front User Submit / Front Editor versions 5.0.6...

CVSS 5.9 | AI score 5.8 | EPSS 0.00065
Exploits: 0 | References: 1 | Affected Software: 1
GitLab Advisory Database
added 2026/03/12 12:0 a.m. | 4 views

Trix has a Stored XSS vulnerability through serialized attributes

The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a data-trix-serialized-attributes attribute bypasses the DOMPurify sanitizer. An attacker could craft HTML containing a data-trix-serialized-attributes attribute with a malicious payload that, when the content is...

AI score 6
Exploits: 0 | References: 7 | Affected Software: 1
GithubExploit
added 2026/03/11 10:33 p.m. | 127 views

Exploit for CVE-2026-30945

🗑️ CVE-2026-30945 StudioCMS IDOR — Arbitrary API Token Revoc...

CVSS 8.8 | AI score 5.8 | EPSS 0.00058
Exploits: 4
NVD
added 2026/03/11 10:16 p.m. | 1 view

CVE-2026-32117

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

CVSS 7.6 | EPSS 0.00016
Exploits: 0 | References: 2
EUVD
added 2026/03/11 9:28 p.m. | 2 views

EUVD-2026-11407

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

CVSS 7.6 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2
Cvelist
added 2026/03/11 9:28 p.m. | 26 views

CVE-2026-32117 grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer)

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

CVSS 7.6 | EPSS 0.00016
Exploits: 0 | References: 2
CVE
added 2026/03/11 9:28 p.m. | 8 views

CVE-2026-32117

The CVE concerns the grafanacubism-panel Grafana plugin. In versions

CVSS 7.6 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/03/11 9:28 p.m. | 1 view

CVE-2026-32117

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

CVSS 7.6 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1