1256 matches found
CVE-2026-7860
CVE-2026-7860 describes an information-disclosure risk in Vaadin build tools: Vaadin Maven/Gradle plugins can print the full set of environment variables to build logs when a frontend build fails (non-zero exit). This can expose credentials/secrets in CI logs and artifacts. Affected ranges and fi...
CVE-2026-7860 Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...
org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...
org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...
org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...
Apple Security Advisory 05-11-2026-4
Apple Security Advisory 05-11-2026-4 - iOS 16.7.16 and iPadOS 16.7.16 addresses a failed deletion issue...
Apple Security Advisory 05-11-2026-5
Apple Security Advisory 05-11-2026-5 - iOS 15.8.8 and iPadOS 15.8.8 addresses a failed deletion issue...
Apple Security Advisory 05-11-2026-3
Apple Security Advisory 05-11-2026-3 - iPadOS 17.7.11 addresses a failed deletion issue...
CVE-2026-21730
CVE-2026-21730 affects Verba. A stored XSS exists in the login logging path: when an unauthenticated attacker logs in with an incorrect username, the username is recorded without sanitization and can execute in the admin’s browser via the log viewer. Impact aligned to CVSS v4.0 metrics (base scor...
CVE-2026-21730 Stored XSS in Verba
Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...
EUVD-2026-30284
Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...
CVE-2026-6417
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
EUVD-2026-30236
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-6417
The GLS Shipping for WooCommerce plugin for WordPress has a Reflected Cross-Site Scripting vulnerability (CVE-2026-6417) in the failed_orders parameter across all versions up to 1.4.0, caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject scripts in p...
CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-6417
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
PT-2026-40874
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed orders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress plugin GLS Shipping for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Verint Verba 跨站脚本漏洞
Verint Verba is an enterprise-level compliance communication recording and interaction archiving platform developed by Verint Corporation in the United States. Verint Verba has a cross-site scripting vulnerability. This vulnerability stems from a lack of input sanitization in the login logging...