Post Grid <= 2.2.50 - Information Exposure via REST API

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. id: CVE-2023-40211 info: name: Post Grid = 2.2.50 - Information Exposure via REST API...

Essential Grid <= 3.1.0 - Cross-Site Scripting

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability in ThemePunch OHG Essential Grid plugin = 3.1.0 versions. id: CVE-2023-47684 info: name: Essential Grid = 3.1.0 - Cross-Site Scripting author: 0xpugal severity: medium description: | Unauthenticated Reflected Cross-Site Scripting XS...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libheif vulnerabilities (USN-8454-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8454-1 advisory. Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files...

CVE-2017-20280

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...

EUVD-2017-19007

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...

CVE-2017-20280

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...

CVE-2026-12360

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...

Malicious code in dash-grid-normalizer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a On import, src/dashgridnormalizer/init.py calls hydrateremotelayoutprofile, which reassembles a payload from four string segments, base64-decodes and...

MAL-2026-5725 Malicious code in dash-grid-normalizer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a On import, src/dashgridnormalizer/init.py calls hydrateremotelayoutprofile, which reassembles a payload from four string segments, base64-decodes and...

CVE-2026-9019

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-9019 Easy Image Collage <= 1.13.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-9019 Easy Image Collage <= 1.13.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-9019

CVE-2026-9019 affects the WordPress plugin Easy Image Collage (versions up to and including 1.13.6). The issue is a Stored Cross-Site Scripting (Stored XSS) vulnerability arising from insufficient input sanitization and output escaping in the parameters grid[properties][borderColor] and grid[imag...

PT-2026-48394

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachment url' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

openSUSE 15 : Recommended update for aazure-cli, azure-cli-core, azure-cli-telemetry, python-argcomplete, python-azure-ai-agents, python-azure-ai-formrecognizer, python-azure-ai-metricsadvisor, python-azure-ai-projects, python-azure-ai-translation-document, python-azure-ai-translation-text, python-azure-appconfiguration, python-azure-appconfiguration-provider, python-azure-batch, python-azure-cognitiveservices-anomalydetector, python-azure-cognitiveservices-knowledge-qnamaker, python-azure-cognitiveservices-language-luis, python-azure-cognitiveservices-language-spellcheck, python-azure-cognitiveservices-language-textanalytics, python-azure-cognitiveservices-search-autosuggest, python-azure-cognitiveservices-search-customimagesearch, python-azure-cognitiveservices-search-customsearch, python-azure-cognitiveservices-search-entitysearch, python-azure-cognitiveservices-search-imagesearch, python-azure-cognitiveservices-search-videosearch, python-azure-cognitiveservices-search-websearch, python-azure-cognitiveservices-vision-computervision, python-azure-cognitiveservices-vision-contentmoderator, python-azure-cognitiveservices-vision-customvision, python-azure-cognitiveservices-vision-face python-azure-communication-callautomation, python-azure-communication-chat, python-azure-communication-email, python-azure-communication-messages, python-azure-communication-phonenumbers, python-azure-communication-rooms, python-azure-communication-sms, python-azure-core, python-azure-core-tracing-opencensus, python-azure-core-tracing-opentelemetry, python-azure-cosmos, python-azure-data-tables, python-azure-datalake-store, python-azure-developer-devcenter, python-azure-developer-loadtesting, python-azure-digitaltwins-core, python-azure-eventgrid, python-azure-eventhub, python-azure-eventhub-checkpointstoreblob, python-azure-eventhub-checkpointstoreblob-aio, python-azure-graphrbac, python-azure-health-deidentification, python-azure-healthinsights-radiologyinsights, python-azure-identity, python-azure-identity-broker, python-azure-keyvault-administration, python-azure-keyvault-certificates, python-azure-keyvault-keys, python-azure-keyvault-secrets, python-azure-keyvault-securitydomain, python-azure-maps-geolocation, python-azure-maps-route, python-azure-maps-timezone, python-azure-messaging-webpubsubclient, python-azure-messaging-webpubsubservice, python-azure-mgmt-apimanagement, python-azure-mgmt-appcomplianceautomation, python-azure-mgmt-appconfiguration, python-azure-mgmt-appcontainers, python-azure-mgmt-applicationinsights, python-azure-mgmt-appplatform, python-azure-mgmt-arizeaiobservabilityeval, python-azure-mgmt-astro, python-azure-mgmt-authorization, python-azure-mgmt-avs, python-azure-mgmt-azurestackhcivm, python-azure-mgmt-batch, python-azure-mgmt-batchai, python-azure-mgmt-billing, python-azure-mgmt-billingbenefits, python-azure-mgmt-carbonoptimization, python-azure-mgmt-cdn, python-azure-mgmt-chaos, python-azure-mgmt-cloudhealth, python-azure-mgmt-cognitiveservices, python-azure-mgmt-communication, python-azure-mgmt-compute, python-azure-mgmt-computefleet, python-azure-mgmt-computerecommender, python-azure-mgmt-computeschedule, python-azure-mgmt-confluent, python-azure-mgmt-connectedcache, python-azure-mgmt-containerinstance, python-azure-mgmt-containerorchestratorruntime, python-azure-mgmt-containerregistry, python-azure-mgmt-containerservice, python-azure-mgmt-containerservicefleet, python-azure-mgmt-containerservicesafeguards, python-azure-mgmt-core, python-azure-mgmt-cosmosdb, python-azure-mgmt-databasewatcher, python-azure-mgmt-databox, python-azure-mgmt-databoxedge, python-azure-mgmt-datafactory, python-azure-mgmt-datalake-store, python-azure-mgmt-datamigration, python-azure-mgmt-dataprotection, python-azure-mgmt-dellstorage, python-azure-mgmt-dependencymap, python-azure-mgmt-desktopvirtualization, python-azure-mgmt-devcenter, python-azure-mgmt-deviceregistry, python-azure-mgmt-devopsinfrastructure, python-azure-mgmt-devtestlabs, python-azure-mgmt-digitaltwins, python-azure-mgmt-dns, python-azure-mgmt-dnsresolver, python-azure-mgmt-durabletask, python-azure-mgmt-edgeorder, python-azure-mgmt-edgezones, python-azure-mgmt-elastic, python-azure-mgmt-elasticsan, python-azure-mgmt-eventgrid, python-azure-mgmt-eventhub, python-azure-mgmt-extendedlocation, python-azure-mgmt-fabric, python-azure-mgmt-frontdoor, python-azure-mgmt-hardwaresecuritymodules, python-azure-mgmt-hdinsight, python-azure-mgmt-hdinsightcontainers, python-azure-mgmt-healthcareapis, python-azure-mgmt-healthdataaiservices, python-azure-mgmt-hybridcompute, python-azure-mgmt-imagebuilder, python-azure-mgmt-impactreporting, python-azure-mgmt-informaticadatamanagement, python-azure-mgmt-iotfirmwaredefense, python-azure-mgmt-iothub, python-azure-mgmt-iotoperations, python-azure-mgmt-keyvault, python-azure-mgmt-kubernetesconfiguration-extensions, python-azure-mgmt-kubernetesconfiguration-extensiontypes, python-azure-mgmt-kubernetesconfiguration-fluxconfigurations, python-azure-mgmt-kusto, python-azure-mgmt-lambdatesthyperexecute, python-azure-mgmt-largeinstance, python-azure-mgmt-loganalytics, python-azure-mgmt-logz, python-azure-mgmt-media, python-azure-mgmt-migrationassessment, python-azure-mgmt-migrationdiscoverysap, python-azure-mgmt-mobilenetwork, python-azure-mgmt-mongocluster, python-azure-mgmt-mongodbatlas, python-azure-mgmt-monitor, python-azure-mgmt-msi, python-azure-mgmt-mysqlflexibleservers, python-azure-mgmt-neonpostgres, python-azure-mgmt-netapp, python-azure-mgmt-network, python-azure-mgmt-networkcloud, python-azure-mgmt-newrelicobservability, python-azure-mgmt-onlineexperimentation, python-azure-mgmt-oracledatabase, python-azure-mgmt-paloaltonetworksngfw, python-azure-mgmt-pineconevectordb, python-azure-mgmt-planetarycomputer, python-azure-mgmt-playwright, python-azure-mgmt-playwrighttesting, python-azure-mgmt-portalservicescopilot, python-azure-mgmt-postgresqlflexibleservers, python-azure-mgmt-powerbiembedded, python-azure-mgmt-privatedns, python-azure-mgmt-purestorageblock, python-azure-mgmt-quantum, python-azure-mgmt-qumulo, python-azure-mgmt-quota, python-azure-mgmt-rdbms, python-azure-mgmt-recoveryservices, python-azure-mgmt-recoveryservicesbackup, python-azure-mgmt-recoveryservicesdatareplication, python-dnspython, python-trio, python-websocket-client, python-anyio (SUSE-SU-SUSE-RU-2026:2237-2)

"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2026:2237-2 advisory. This update for azure-cli, azure-cli-core, azure-cli-telemetry, python-argcomplete, python-azure-ai- agents, python-azure-ai-formrecognizer,...

SUSE-RU-2026:2237-2 Recommended update for aazure-cli, azure-cli-core, azure-cli-telemetry, python-argcomplete, python-azure-ai-agents, python-azure-ai-formrecognizer, python-azure-ai-metricsadvisor, python-azure-ai-projects, python-azure-ai-translation-document, python-azure-ai-translation-text, python-azure-appconfiguration, python-azure-appconfiguration-provider, python-azure-batch, python-azure-cognitiveservices-anomalydetector, python-azure-cognitiveservices-knowledge-qnamaker, python-azure-cognitiveservices-language-luis, python-azure-cognitiveservices-language-spellcheck, python-azure-cognitiveservices-language-textanalytics, python-azure-cognitiveservices-search-autosuggest, python-azure-cognitiveservices-search-customimagesearch, python-azure-cognitiveservices-search-customsearch, python-azure-cognitiveservices-search-entitysearch, python-azure-cognitiveservices-search-imagesearch, python-azure-cognitiveservices-search-videosearch, python-azure-cognitiveservices-search-websearch, python-azure-cognitiveservices-vision-computervision, python-azure-cognitiveservices-vision-contentmoderator, python-azure-cognitiveservices-vision-customvision, python-azure-cognitiveservices-vision-face python-azure-communication-callautomation, python-azure-communication-chat, python-azure-communication-email, python-azure-communication-messages, python-azure-communication-phonenumbers, python-azure-communication-rooms, python-azure-communication-sms, python-azure-core, python-azure-core-tracing-opencensus, python-azure-core-tracing-opentelemetry, python-azure-cosmos, python-azure-data-tables, python-azure-datalake-store, python-azure-developer-devcenter, python-azure-developer-loadtesting, python-azure-digitaltwins-core, python-azure-eventgrid, python-azure-eventhub, python-azure-eventhub-checkpointstoreblob, python-azure-eventhub-checkpointstoreblob-aio, python-azure-graphrbac, python-azure-health-deidentification, python-azure-healthinsights-radiologyinsights, python-azure-identity, python-azure-identity-broker, python-azure-keyvault-administration, python-azure-keyvault-certificates, python-azure-keyvault-keys, python-azure-keyvault-secrets, python-azure-keyvault-securitydomain, python-azure-maps-geolocation, python-azure-maps-route, python-azure-maps-timezone, python-azure-messaging-webpubsubclient, python-azure-messaging-webpubsubservice, python-azure-mgmt-apimanagement, python-azure-mgmt-appcomplianceautomation, python-azure-mgmt-appconfiguration, python-azure-mgmt-appcontainers, python-azure-mgmt-applicationinsights, python-azure-mgmt-appplatform, python-azure-mgmt-arizeaiobservabilityeval, python-azure-mgmt-astro, python-azure-mgmt-authorization, python-azure-mgmt-avs, python-azure-mgmt-azurestackhcivm, python-azure-mgmt-batch, python-azure-mgmt-batchai, python-azure-mgmt-billing, python-azure-mgmt-billingbenefits, python-azure-mgmt-carbonoptimization, python-azure-mgmt-cdn, python-azure-mgmt-chaos, python-azure-mgmt-cloudhealth, python-azure-mgmt-cognitiveservices, python-azure-mgmt-communication, python-azure-mgmt-compute, python-azure-mgmt-computefleet, python-azure-mgmt-computerecommender, python-azure-mgmt-computeschedule, python-azure-mgmt-confluent, python-azure-mgmt-connectedcache, python-azure-mgmt-containerinstance, python-azure-mgmt-containerorchestratorruntime, python-azure-mgmt-containerregistry, python-azure-mgmt-containerservice, python-azure-mgmt-containerservicefleet, python-azure-mgmt-containerservicesafeguards, python-azure-mgmt-core, python-azure-mgmt-cosmosdb, python-azure-mgmt-databasewatcher, python-azure-mgmt-databox, python-azure-mgmt-databoxedge, python-azure-mgmt-datafactory, python-azure-mgmt-datalake-store, python-azure-mgmt-datamigration, python-azure-mgmt-dataprotection, python-azure-mgmt-dellstorage, python-azure-mgmt-dependencymap, python-azure-mgmt-desktopvirtualization, python-azure-mgmt-devcenter, python-azure-mgmt-deviceregistry, python-azure-mgmt-devopsinfrastructure, python-azure-mgmt-devtestlabs, python-azure-mgmt-digitaltwins, python-azure-mgmt-dns, python-azure-mgmt-dnsresolver, python-azure-mgmt-durabletask, python-azure-mgmt-edgeorder, python-azure-mgmt-edgezones, python-azure-mgmt-elastic, python-azure-mgmt-elasticsan, python-azure-mgmt-eventgrid, python-azure-mgmt-eventhub, python-azure-mgmt-extendedlocation, python-azure-mgmt-fabric, python-azure-mgmt-frontdoor, python-azure-mgmt-hardwaresecuritymodules, python-azure-mgmt-hdinsight, python-azure-mgmt-hdinsightcontainers, python-azure-mgmt-healthcareapis, python-azure-mgmt-healthdataaiservices, python-azure-mgmt-hybridcompute, python-azure-mgmt-imagebuilder, python-azure-mgmt-impactreporting, python-azure-mgmt-informaticadatamanagement, python-azure-mgmt-iotfirmwaredefense, python-azure-mgmt-iothub, python-azure-mgmt-iotoperations, python-azure-mgmt-keyvault, python-azure-mgmt-kubernetesconfiguration-extensions, python-azure-mgmt-kubernetesconfiguration-extensiontypes, python-azure-mgmt-kubernetesconfiguration-fluxconfigurations, python-azure-mgmt-kusto, python-azure-mgmt-lambdatesthyperexecute, python-azure-mgmt-largeinstance, python-azure-mgmt-loganalytics, python-azure-mgmt-logz, python-azure-mgmt-media, python-azure-mgmt-migrationassessment, python-azure-mgmt-migrationdiscoverysap, python-azure-mgmt-mobilenetwork, python-azure-mgmt-mongocluster, python-azure-mgmt-mongodbatlas, python-azure-mgmt-monitor, python-azure-mgmt-msi, python-azure-mgmt-mysqlflexibleservers, python-azure-mgmt-neonpostgres, python-azure-mgmt-netapp, python-azure-mgmt-network, python-azure-mgmt-networkcloud, python-azure-mgmt-newrelicobservability, python-azure-mgmt-onlineexperimentation, python-azure-mgmt-oracledatabase, python-azure-mgmt-paloaltonetworksngfw, python-azure-mgmt-pineconevectordb, python-azure-mgmt-planetarycomputer, python-azure-mgmt-playwright, python-azure-mgmt-playwrighttesting, python-azure-mgmt-portalservicescopilot, python-azure-mgmt-postgresqlflexibleservers, python-azure-mgmt-powerbiembedded, python-azure-mgmt-privatedns, python-azure-mgmt-purestorageblock, python-azure-mgmt-quantum, python-azure-mgmt-qumulo, python-azure-mgmt-quota, python-azure-mgmt-rdbms, python-azure-mgmt-recoveryservices, python-azure-mgmt-recoveryservicesbackup, python-azure-mgmt-recoveryservicesdatareplication, python-dnspython, python-trio, python-websocket-client, python-anyio

This update for azure-cli, azure-cli-core, azure-cli-telemetry, python-argcomplete, python-azure-ai-agents, python-azure-ai-formrecognizer, python-azure-ai-metricsadvisor, python-azure-ai-projects, python-azure-ai-translation-document, python-azure-ai-translation-text,...

Important: libheif

Issue Overview: libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap...

CVE-2026-7727

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

CVE-2026-5428

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the renderpostthumbnail function, where wpksespost is...

CVE-2026-49054

Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Post Grid: from n/a through 7.9.2...