PT-2026-43589

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox - Digital Products Ecommerce: from n/a through 1.4.2...

WordPress Endless Scroll plugin <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by MAJidox in WordPress Plugin Endless Scroll versions = 1.0.0...

CVE-2026-24195

CVE-2026-24195 : NVIDIA GPU Display Driver for Linux contains a vulnerability in Unified Virtual Memory (UVM) where improper input validation could be exploited to cause a denial of service. The issue is listed in NVIDIA’s May 2026 security bulletin with a CVSS v3.1 base score of 7.1 (HIGH) and l...

CVE-2026-40383

An improper validation of user-supplied input leads to a local file inclusion vulnerability...

EUVD-2026-31888

An improper validation of user-supplied input leads to a local file inclusion vulnerability...

CVE-2026-26147

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network...

CVE-2026-27427 WordPress Geo Mashup plugin <= 1.13.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...

PT-2026-43204

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...

PT-2026-43295

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper validation of user-supplied input leads to a local file inclusion, which allows an attacker to include files on the local server. Recommendations At the...

CVE-2026-45435

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...

CVE-2025-62745

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through 1.22.28...

WordPress plugin WP Activity Log 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2026-34910

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

Improper Input Validation

com.ibeetl:beetl-spring-classic is vulnerable to Improper Input Validation. The vulnerability is due to improper neutralization of special elements in expression language statements within the SpELFunction component, which allows an attacker to inject and execute malicious expressions remotely...

CVE-2026-9245

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

CVE-2026-34910

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

Security Bulletin: IBM i is Affected by an Improper Validation Vulnerability in zlib [CVE-2026-27171]

Summary Zlib for IBM i is vulnerable to increased CPU consumption when using functions crc32combine64 and crc32combine64gen64 CVE-2026-27171 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via...

CVE-2026-33000

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

CVE-2026-34910

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

CVE-2026-34910

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...