30 matches found

OSV
added 2026/03/02 7:16 p.m. | 3 views

CVE-2026-0012

In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 6.2 | AI score: 6
Exploits: 0 | References: 1

EUVD
added 2026/03/02 6:42 p.m. | 5 views

EUVD-2026-9230

In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 6.1 | EPSS: 0.00003
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/02 12:0 a.m. | 2 views

PT-2026-22672

In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 6.1 | EPSS: 0.00003
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/11 7:45 p.m. | 4 views

CVE-2026-25805

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...

CVSS: 8 | AI score: 5.6 | EPSS: 0.00095
Exploits: 1 | References: 1

CVE
added 2026/02/10 5:27 p.m. | 9 views

CVE-2026-25805

Zed Editor (multiplayer code editor) before version 0.219.4 fails to reveal the parameters used when invoking a tool and does not show post-invocation parameters, creating a potential for unnoticed use of unwanted or malicious values. A fix is included in 0.219.4 which adds expandable tool call d...

CVSS: 8 | AI score: 5.6 | EPSS: 0.00095
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/02/10 5:27 p.m. | 3 views

CVE-2026-25805

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...

CVSS: 6.4 | AI score: 5.6 | EPSS: 0.00095
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/02/10 12:0 a.m. | 4 views

PT-2026-7326

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...

CVSS: 6.4 | AI score: 5.6 | EPSS: 0.00095
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2006-4739

Malware in sbrugna...

CVSS: 5 | AI score: 6.4 | EPSS: 0.00704
Exploits: 1 | References: 7

RedhatCVE
added 2025/03/27 9:16 a.m. | 8 views

CVE-2025-2510

The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00114
Exploits: 0 | References: 1

NVD
added 2025/03/25 9:15 a.m. | 11 views

CVE-2025-2510

The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

CVSS: 5.5 | EPSS: 0.00114
Exploits: 0 | References: 2

Cvelist
added 2025/03/25 8:22 a.m. | 20 views

CVE-2025-2510 Frndzk Expandable Bottom Bar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter

The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

CVSS: 5.5 | EPSS: 0.00114
Exploits: 0 | References: 2

Vulnrichment
added 2025/03/25 8:22 a.m. | 5 views

CVE-2025-2510 Frndzk Expandable Bottom Bar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter

The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00114
Exploits: 0 | References: 2

Patchstack
added 2025/03/24 9:21 p.m. | 3 views

WordPress Frndzk Expandable Bottom Bar plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter vulnerability discovered by johska in WordPress Plugin Frndzk Expandable Bottom Bar versions <= 1.0...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00114
Exploits: 0 | References: 1 | Affected Software: 1

BDU FSTEC
added 2024/04/15 12:0 a.m. | 1 views

The vulnerability of the Jenkins automation server arises from improper handling of input during the creation of web pages. This allows attackers to carry out attacks using XSS techniques, with the ability to manipulate files in the working areas.

The vulnerability of the Jenkins automation server relates to the absence of a protection mechanism for the value of the “caption” parameter in the ExpandableDetailsNote configuration. Exploiting this vulnerability allows an attacker to carry out attacks using XSS techniques, with the ability to...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00783
Exploits: 0 | References: 3 | Affected Software: 2

OSV
added 2023/09/20 6:30 p.m. | 0 views

GHSA-5J46-5HWQ-GWH7 Jenkins Cross-site Scripting vulnerability

ExpandableDetailsNote allows annotating build log content with additional information that can be revealed when interacted with. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote. This results in a stored...

CVSS: 8 | AI score: 5.8 | EPSS: 0.00783
Exploits: 0 | References: 3

Positive Technologies
added 2023/09/20 12:0 a.m. | 3 views

PT-2023-8996 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.423 and earlier, LTS versions 2.414.1 and earlier
Description: The issue is related to the lack of escaping of the caption constructor parameter value of ExpandableDetailsNote, resulting in a stored cross-site scripting XSS...

CVSS: 8 | AI score: 7.3 | EPSS: 0.00783
Exploits: 0 | References: 16

Patchstack
added 2023/07/19 12:0 a.m. | 6 views

WordPress Expandable Paywall Plugin <= 2.0.16 is vulnerable to Cross Site Scripting (XSS)

Software: Expandable Paywall; Type: Plugin; Vulnerable versions: <= 2.0.16; Fixed in: 2.0.17; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: 4f52f28e3436; Credits: Rafie Muhammad Patchstack...

AI score: 5.8 | EPSS: 0.00209
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/06/28 5:21 p.m. | 2 views

DRUPAL-CONTRIB-2023-028

This module enables you to render a field in an expandable/collapsible region. The module doesn't sufficiently sanitize the field content when displaying it to an end user. This vulnerability is mitigated by the fact that an attacker must have a role capable of creating content that uses the fiel...

AI score: 6.8
Exploits: 0 | References: 1

Drupal
added 2023/06/28 12:0 a.m. | 3 views

Expandable Formatter - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-028

This module enables you to render a field in an expandable/collapsible region. The module doesn't sufficiently sanitize the field content when displaying it to an end user. This vulnerability is mitigated by the fact that an attacker must have a role capable of creating content that uses the fiel...

AI score: 5.6
Exploits: 0 | References: 8

Cvelist
added 2022/09/15 3:23 a.m. | 18 views

CVE-2022-40738

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4DescriptorListWriter::Action in Core/Ap4Descriptor.h, called from AP4EsDescriptor::WriteFields and AP4Expandable::Write...

AI score: 6.6 | EPSS: 0.00437
Exploits: 1 | References: 1