Aruba Instant Access Point (IAP) - Cross-Site Scripting

A remote cross-site scripting xss vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...

CVE-2026-9189

Product & component : WordPress, Contact Form 7 – PayPal & Stripe Add-on. Vulnerability : Payment Bypass via IPN handling flaw in cf7pp_paypal_ipn_handler where the IPN payload’s mc_gross, mc_currency, or receiver_email aren’t compared against stored order values before passing the attacker-contr...

CVE-2026-8884

The CVE-2026-8884 entry concerns the Instant-Quote.co Quotation Page plugin for WordPress, vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to 1.3.4. The root cause described is insufficient input sanitization and output escaping. The impact stated is that aut...

CVE-2026-8884 Instant-Quote.co Quotation Page <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin Instant-Quote.co Quotation Page 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Instant-Quote.co Quotation Page plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Instant-Quote.co Quotation Page versions = 1.3.4...

CVE-2018-25361

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...

Malicious code in claw-subagent-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36657c2be433b784c573082d364304325acccf033f70df17dbfe104b0173ccbe claw-subagent-service installs itself as a privileged auto-starting system service Windows service via post-install.js svc.install, with documented...

EUVD-2026-29737

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying...

EUVD-2026-29738

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

EUVD-2026-29734

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

CVE-2026-23822

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

CVE-2026-23819

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

CVE-2026-23823 Authenticated Command Injection leads to RCE in AOS-10 CLI Command

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

CVE-2026-23822 Unauthenticated XML External Entity Injection in AOS-8 Instant allows Denial of Service

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

CVE-2026-23822

CVE-2026-23822 affects the XML handling component of AOS-8 DHCP services on Access Points running AOS Instant 8.x.x.x. The vulnerability allows an unauthenticated remote attacker to trigger a denial-of-service by causing excessive resource consumption after user interaction. The CVSS vector indic...

CVE-2026-23822 Unauthenticated XML External Entity Injection in AOS-8 Instant allows Denial of Service

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

CVE-2026-23820 Inconsistent input filtering allows Authenticated Command Injection in AOS-8 Instant and AOS-10 CLI

A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlyin...

PT-2026-40339

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

WordPress plugin Slek Gateway for WooCommerce 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...