19058 matches found
PT-2026-60793
Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController, where the before action ensure admin...
CVE-2026-44175
Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting XSS. Kirby's list field stores its formatted content as HTML, and unlike other field types...
CVE-2026-44175 Kirby: Cross-site scripting (XSS) from list field content in the site frontend
Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting XSS. Kirby's list field stores its formatted content as HTML, and unlike other field types...
CVE-2026-44175
Kirby has a stored XSS vulnerability in the list field prior to versions 4.9.1 and 5.4.1 due to server-side sanitization on save not being applied (HTML in list field not escaped without breaking formatting). The content is stored as HTML and could be sent via Kirby’s API bypassing the Panel, the...
CVE-2026-63081
Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious...
CVE-2026-63081 Perfect Support Ticketing System 1.7 Stored XSS via Ticket Notes Field
Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious...
CVE-2026-63081
The CVE-2026-63081 entry describes a stored XSS in the Perfect Support Ticketing & Document Management System (v1.7). Authenticated attackers with Agent-level privileges can inject scripts into the Notes field of assigned tickets, causing the script to run in the browser context of any viewer (in...
CVE-2026-63305 AVideo through 29.0 OS Command Injection via ffmpeg.json.php
AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php endpoint where notifyCode and callback parameters are concatenated into a shell command without escaping. Attackers who can craft a valid encrypted payload can inject arbitrary shell metacharacters into thes...
CVE-2026-15021
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access...
EUVD-2026-44899
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2026-15021
The wpForo Forum plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the 'location' Profile Field across all versions up to 3.1.1. The issue stems from insufficient input sanitization and output escaping; sanitize_text_field() at input does not encode double q...
CVE-2026-15021 wpForo Forum <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'location' Profile Field
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2026-13741
The CVE-2026-13741 entry concerns the Digits: WordPress Mobile Number Signup and Login plugin for WordPress, vulnerable in all versions up to and including 9.1.0.5. The root cause is missing authorization and role validation in the dig_update_wpwc_custom_fields() function, allowing authenticated ...
CVE-2026-15458
The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sortfield' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
EUVD-2026-44867
The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sortfield' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2026-15458 SEO Booster <= 7.3.1 - Authenticated (Administrator+) SQL Injection via 'sort_field' Parameter
The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sortfield' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2026-52890
CVE-2026-52890 affects Wekan (open-source Kanban, Meteor-based) before version 9.31. A logged-in board member can insert an attachment via the DDP /attachments/insert method using attacker-controlled versions.original.path and versions.original.storage. The insert rule checks only board write acc...
EUVD-2026-44704
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's norm...
JLSEC-2026-759
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field...
CVE-2026-41580
Stirling-PDF (local web app) exposes a Reflected XSS via crafted PDF metadata in the /get-info-on-pdf endpoint. Prior to version 2.0.0, Title and Author metadata were rendered without proper HTML encoding/sanitization, allowing attacker-controlled JavaScript to execute in a user’s browser when vi...