CVE-2026-34397

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

CVE-2025-68278 tinacms vulnerable to arbitrary code execution

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...

WordPress Ultimate Blocks – Gutenberg Blocks Plugin Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Blocks – Gutenberg Blocks Plugin Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6692 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0c6c4059359d Credit...