36 matches found
CVE-2026-57391
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...
CVE-2026-57391 WordPress Loops & Logic plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...
WordPress Loops & Logic plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin Loops & Logic versions = 4.2.3...
CVE-2026-54823
Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...
EUVD-2026-39365
Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...
WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget versions = 4.2.3...
CVE-2026-8159 multiparty vulnerable to ReDoS via filename parsing
[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...
CVE-2026-5226 Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL
The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...
PT-2026-32092
The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get current url function, which are inserted into...
CVE-2026-33481
Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001887)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001887 advisory. The slhcinit function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to...
EUVD-2011-0431
Malware in sbrugna...
CVE-2025-0877
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AtaksAPP Reservation Management System allows Cross-Site Scripting XSS. This issue affects Reservation Management System: before 4.2.3...
pgAgent 安全漏洞
pgAgent is an open source job scheduler for PostgreSQL from the pgAdmin Project. A security vulnerability exists in pgAgent versions prior to 4.2.3 that stems from insufficient initialization of the random number generator used to generate directory names, which allows a local attacker to...
CVE-2022-45830
Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3...
WordPress plugin Jobify 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2024-12565 · Thimpress · Thimpress Learnpress
Name of the Vulnerable Software and Affected Versions: ThimPress LearnPress versions 4.2.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in ThimPress LearnPress. Recommendations: For ThimPress LearnPress versions 4.2.3 and earlier, update to a version late...
Exploit for Cross-site Scripting in Sygnoos Popup_Builder
CVE-2023-6000 PoC How does this detection method work?...
TAIWAN-CA(TWCA) JCICSecurityTool Input Validation Error Vulnerability
TAIWAN-CATWCA JCICSecurityTool is an application from Taiwan Web Certification TWCA. An input validation error vulnerability exists in TAIWAN-CATWCA JCICSecurityTool version v4.2.3.32, which stems from insufficient filtering of special characters in registry-related functions, and can be exploite...
EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution
Overview EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability CWE-94 due to improper settings of the product's template engine "Twig". Takeshi Miura of N.F.Laboratories Inc. reported this vulnerability to EC-CUBE CO.,LTD. EC-CUBE CO.,LTD. In...