228 matches found
Astra Linux - уязвимость в thunderbird, firefox
An attacker could have exploited a use-after-free issue through the Custom Highlight API, resulting in a potentially exploitable crash. This vulnerability has been fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
📄 WordPress Highlight and Share 5.2.0 Missing Authentication
WordPress Highlight and Share plugin versions 5.2.0 and below suffers from a missing authentication vulnerability. Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https://wordpress.org/plugins/ Software Link:...
MAL-2026-2098 Malicious code in sd-basket-highlight (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb99aa8736f7070c6e86b764bff3d6a3297cb10df44fa32ee65d1d7c3a74754 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sd-basket-highlight (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb99aa8736f7070c6e86b764bff3d6a3297cb10df44fa32ee65d1d7c3a74754 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2026-13156
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...
Updated vim packages fix security vulnerabilities
OS Command Injection in netrw affects Vim 9.2.0073. CVE-2026-28417 Heap-based Buffer Overflow in Emacs tags parsing affects Vim 9.2.0074. CVE-2026-28418 Heap-based Buffer Underflow in Emacs tags parsing affects Vim 9.2.0075. CVE-2026-28419 Heap-based Buffer Overflow and OOB Read in :terminal...
WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Zeeshan Haider in WordPress Plugin Highlight and Share versions = 5.2.0...
CVE-2025-67586
Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...
EUVD-2025-202067
Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...
CVE-2025-67586
Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...
CVE-2025-67586 WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...
CVE-2025-67586 WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...
CVE-2025-67586
CVE-2025-67586 corresponds to a Missing Authorization vulnerability in the WordPress plugin Highlight and Share (highlight-and-share). Public details in connected docs confirm affected software: Highlight and Share (WordPress plugin) vulnerable up to version 5.2.0. The CVE has CVSS v3.1 base scor...
PT-2025-49960
Name of the Vulnerable Software and Affected Versions Ronald Huereca Highlight and Share versions through 5.2.0 Description A missing authorization issue exists in Ronald Huereca Highlight and Share, allowing exploitation of incorrectly configured access control security levels. Recommendations...
WordPress plugin Highlight and Share 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Just Highlight plugin cross-site scripting vulnerability
WordPress Just Highlight plugin is a WordPress plugin mainly used for highlighting code snippets in posts or pages with syntax highlighting support. WordPress Just Highlight plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...
CVE-2025-13311
The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2025-13311
The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
EUVD-2025-199567
The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2025-13311 Just Highlight <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting
The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...