80 matches found

ATTACKERKB
added 2026/04/24 12:34 a.m. | 2 views

CVE-2026-40099

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...

CVSS 5.3 | AI score 5.6 | EPSS 0.00028
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/04/24 12:19 a.m. | 2 views

EUVD-2026-25368

Kirby is an open-source content management system. Kirby's Xml::value method has special handling for blocks. If the input value is already valid CDATA, it is not escaped a second time but allowed to pass through. However, prior to versions 4.9.0 and 5.4.0, it was possible to trick this check int...

CVSS 6.9 | AI score 5.1 | EPSS 0.00043
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/08 12:0 a.m. | 4 views

PT-2026-31274

Name of the Vulnerable Software and Affected Versions: tagDiv Composer versions through 5.4.3. Description: An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) issue exists in tagDiv Composer (td-composer), allowing Code Injection. This allows for potential code execution...

CVSS 5.3 | AI score 6.2 | EPSS 0.00056
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/19 8:7 a.m. | 2 views

CVE-2025-50001

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer allows Reflected XSS. This issue affects tagDiv Composer: from n/a through 5.4.2...

CVSS 7.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 2

Snyk
added 2026/02/09 10:21 p.m. | 2 views

Improper Validation of Specified Type of Input

Overview: vrana/adminer is a Database management in a single file. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the ?script=version endpoint, which does not properly validate the origin of incoming POST data. An attacker can cause a...

CVSS 8.7 | AI score 5.7 | EPSS 0.04457
Exploits: 1 | References: 2

Vulnrichment
added 2026/01/30 8:27 a.m. | 4 views

CVE-2026-22277

Dell UnityVSA, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

CVSS 7.8 | AI score 6.1 | EPSS 0.00018
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004100)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004100 advisory. In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka...

CVSS 7.2 | AI score 6.4 | EPSS 0.00112
Exploits: 0 | References: 9

RedhatCVE
added 2026/01/10 5:41 a.m. | 1 view

CVE-2025-22713

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vanquish WooCommerce Orders & Customers Exporter (woocommerce-orders-ei) allows SQL Injection. This issue affects WooCommerce Orders & Customers Exporter: from n/a through = 5.4...

CVSS 8.5 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 1

CNNVD
added 2026/01/08 12:0 a.m. | 2 views

WordPress plugin WooCommerce Orders & Customers Exporter security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.5 | AI score 7.4 | EPSS 0.00019
Exploits: 0 | References: 1

Snyk
added 2026/01/01 6:26 a.m. | 3 views

Improper Locking

Overview: airunner is a Run local opensource AI models (Stable Diffusion, LLMs, TTS, STT, chatbots) in a lightweight Python GUI. Affected versions of this package are vulnerable to Improper Locking due to DarkLock network restrictions not being activated alongside the OS sandbox in the bundled...

CVSS 5.7 | AI score 6.6
Exploits: 0 | References: 3

EUVD
added 2025/12/24 3:30 p.m. | 2 views

EUVD-2025-205236

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed (youtube-embed) allows Stored XSS. This issue affects YouTube Embed: from n/a through = 5.4...

CVSS 5.4 | AI score 5.5 | EPSS 0.00029
Exploits: 0 | References: 2

EUVD
added 2025/12/09 9:31 p.m. | 4 views

EUVD-2023-60180

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

CVSS 8.7 | AI score 6.1 | EPSS 0.01178
Exploits: 1 | References: 5

RedhatCVE
added 2025/12/06 5:54 p.m. | 3 views

CVE-2025-34263

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...

CVSS 5.4 | AI score 5.4 | EPSS 0.00024
Exploits: 0 | References: 1

OSV
added 2025/12/05 6:15 p.m. | 1 view

CVE-2025-34266

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/05 5:16 p.m. | 3 views

CVE-2025-34262 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devices/name/{agent_id}

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/{agent_id} endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...

CVSS 5.1 | AI score 5 | EPSS 0.00024
Exploits: 0 | References: 3

CNNVD
added 2025/12/05 12:0 a.m. | 2 views

Advantech WISE-DeviceOn Server cross-site scripting vulnerability

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...

CVSS 5.4 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 4

Positive Technologies
added 2025/11/21 12:0 a.m. | 6 views

PT-2025-47807

Name of the Vulnerable Software and Affected Versions: ESP-IDF versions 5.3.4 through 5.5.1. Description: ESP-IDF, the Espressif Internet of Things (IoT) Development Framework, contains a flaw in its hardware JPEG decoder when used with the ESP32-P4. The software parser does not perform adequate...

CVSS 6.9 | AI score 6.6 | EPSS 0.00086
Exploits: 0 | References: 8

Vulnrichment
added 2025/10/30 2:10 p.m. | 2 views

CVE-2025-43939

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...

CVSS 7.8 | AI score 6.3 | EPSS 0.00031
Exploits: 0 | References: 1

EUVD
added 2025/10/22 3:31 p.m. | 3 views

EUVD-2025-35459

Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter (woocommerce-orders-ei) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Orders & Customers Exporter: from n/a through = 5.4...

AI score 6.5 | EPSS 0.00041
Exploits: 0 | References: 2

NVD
added 2025/10/22 3:15 p.m. | 3 views

CVE-2025-53424

Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter (woocommerce-orders-ei) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Orders & Customers Exporter: from n/a through = 5.4...

CVSS 6.5 | EPSS 0.00041
Exploits: 0 | References: 1