15544 matches found
CVE-2026-11600
The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...
EUVD-2026-41244
The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...
PT-2026-54982
Editor Arbitrary Code Execution in Five Star Business Profile and Schema = 2.3.19 versions...
PT-2026-55053
Name of the Vulnerable Software and Affected Versions WPIDE – File Manager & Code Editor versions prior to 3.5.7 Description An unauthenticated Cross Site Request Forgery CSRF issue exists. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not intend to do ...
Cross-site Scripting (XSS)
Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the dynamic image URL generator view within the admin interface. An attacker with a limited-permission editor account can execute arbitrary...
CVE-2026-54263
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting XSS vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...
CVE-2026-55886
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...
CVE-2026-58263
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...
CVE-2026-54756
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...
CVE-2026-54263
Wagtail (Django-based CMS) has a reflected XSS in the dynamic image URL generator view within the admin. A limited-permission editor could craft a URL that, when seen by a higher-privilege user, could act with that user’s credentials. Affected versions: < 7.0.8, < 7.3.3,
CVE-2026-58263
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/...
CVE-2026-58263 Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...
CVE-2026-58263
CVE-2026-58263 affects Jodit Editor prior to 4.12.28. The built‑in clean-html sanitizer can be bypassed via a MathML/ carrier, allowing a no‑interaction event handler (e.g., onload) to survive in the editor value. When attacker‑supplied HTML is rendered (element.innerHTML = editor.value), the han...
CVE-2026-54756
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...
CVE-2026-54756
The CVE pertains to Jodit Editor (TypeScript WYSIWYG) where versions prior to 4.12.18 expose a Prototype Pollution risk via Jodit.configure(options) and internal ConfigMerge/ConfigProto, which may merge user-controlled options (e.g., under a plain-object option like controls) into Object.prototyp...
CVE-2026-54756 Jodit Editor: Prototype pollution via Jodit.configure() / ConfigMerge
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...
CVE-2026-55886 Jodit Editor: Prototype Pollution in Jodit via Jodit.modules.Helpers.set()
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...
CVE-2026-55886
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...
CVE-2026-55886
CVE-2026-55886 — Jodit Prototype Pollution Affected software: Jodit Editor (npm package) up to version 4.12.25 (vulnerability fixed in 4.12.26). Root cause: Prototype pollution via Jodit.modules.Helpers.set(chain, value, obj) which walks a dot-separated path and creates path segments without filt...
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...