2446238 matches found
Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated...
BIT-GITLAB-2026-10087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a...
BIT-MYSQL-CLIENT-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...
BIT-MARIADB-MIN-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...
BIT-MARIADB-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...
CVE-2026-3297
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2026-2470
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...
CVE-2026-9629
The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
Vim: Arbitrary Code Execution via Python Omni-Completion
...
Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name
...
Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex
...
Vim: Arbitrary Code Execution via Python Omni-Completion
...
CVE-2026-9629 Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute
The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
EUVD-2026-36648
The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
CVE-2026-2470 Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...
CVE-2026-9629
The Canvas plugin for WordPress (Canvas) contains a Stored Cross-Site Scripting vulnerability via the 'tag' parameter in all versions up to 2.5.2 due to insufficient input sanitization and output escaping. An authenticated attacker with contributor-level access or higher can inject scripts that e...
CVE-2026-2470
The CVE concerns the WordPress Page Builder: Pagelayer plugin (
EUVD-2026-36647
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...
CVE-2026-3297
The CVE-2026-3297 entry concerns the Page Builder: Pagelayer (WordPress) plugin. Affected version: up to and including 2.0.9. Vulnerability type: Stored Cross-Site Scripting via the Anchor block due to insufficient input sanitization and output escaping. Exploitation requires authenticated access...
CVE-2026-3297 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...