EUVD-2026-36781

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

PT-2026-49324

Name of the Vulnerable Software and Affected Versions matze wastebin version 3.4.1 Description An HTML injection issue in the /src/highlight.rs component allows attackers to execute arbitrary scripts using a crafted payload. HTML injection is a process where an attacker inserts malicious HTML cod...

CVE-2026-50883

CVE-2026-50883 refers to an HTML injection in the matze wastebin project (v3.4.1) affecting the internal component /src/highlight.rs . The root cause is not explicitly detailed beyond mention of HTML injection via a crafted payload, leading to arbitrary script execution. The vulnerability is rate...

CVE-2026-45560 Roxy-WI: Stored XSS in log viewer (wrap_line/highlight_word produce unescaped HTML)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

📄 WordPress Highlight and Share 5.2.0 Missing Authentication

WordPress Highlight and Share plugin versions 5.2.0 and below suffers from a missing authentication vulnerability. Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https://wordpress.org/plugins/ Software Link:...

Malicious code in sd-basket-highlight (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb99aa8736f7070c6e86b764bff3d6a3297cb10df44fa32ee65d1d7c3a74754 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-2098 Malicious code in sd-basket-highlight (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb99aa8736f7070c6e86b764bff3d6a3297cb10df44fa32ee65d1d7c3a74754 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2026-13156

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

Updated vim packages fix security vulnerabilities

OS Command Injection in netrw affects Vim 9.2.0073. CVE-2026-28417 Heap-based Buffer Overflow in Emacs tags parsing affects Vim 9.2.0074. CVE-2026-28418 Heap-based Buffer Underflow in Emacs tags parsing affects Vim 9.2.0075. CVE-2026-28419 Heap-based Buffer Overflow and OOB Read in :terminal...

WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Zeeshan Haider in WordPress Plugin Highlight and Share versions = 5.2.0...

CVE-2025-67586

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...

EUVD-2025-202067

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...

CVE-2025-67586

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...

CVE-2025-67586

CVE-2025-67586 corresponds to a Missing Authorization vulnerability in the WordPress plugin Highlight and Share (highlight-and-share). Public details in connected docs confirm affected software: Highlight and Share (WordPress plugin) vulnerable up to version 5.2.0. The CVE has CVSS v3.1 base scor...

CVE-2025-67586 WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...

CVE-2025-67586 WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...

WordPress plugin Highlight and Share 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-49960

Name of the Vulnerable Software and Affected Versions Ronald Huereca Highlight and Share versions through 5.2.0 Description A missing authorization issue exists in Ronald Huereca Highlight and Share, allowing exploitation of incorrectly configured access control security levels. Recommendations...

WordPress Just Highlight plugin cross-site scripting vulnerability

WordPress Just Highlight plugin is a WordPress plugin mainly used for highlighting code snippets in posts or pages with syntax highlighting support. WordPress Just Highlight plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...