32 matches found

NVD
added 2026/03/24 4:16 p.m. | 3 views

CVE-2026-33336

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...

CVSS 8.8 | EPSS 0.00387
Exploits: 1 | References: 2

Snyk
added 2026/03/11 10:40 p.m. | 0 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload of .prologue.html file when a crafted URL is accessed. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a malicious .prologue.html file and tricki...

CVSS 4.4 | AI score 5.7 | EPSS 0.0001
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/25 10:16 p.m. | 4 views

CVE-2026-27593

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

CVSS 9.3 | AI score 5.5 | EPSS 0.00017
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/24 12:0 a.m. | 4 views

PT-2026-4567

The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the PHP_SELF server variable. This makes it possible for unauthenticated attackers to...

CVSS 6.1 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 8:59 a.m. | 4 views

CVE-2023-49771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor Link Log allows Reflected XSS. This issue affects Smart External Link Click Monitor Link Log: from n/a through 5.0.2...

CVSS 7.1 | AI score 7 | EPSS 0.00175
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2004-2252

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00917
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-53694

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 7 | EPSS 0.00175
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-27425

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 6.3 | EPSS 0.0002
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-53693

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.5 | EPSS 0.00135
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/30 6:19 p.m. | 2 views

CVE-2025-8897

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'flbuilder' parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1 | AI score 5.6 | EPSS 0.00217
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/26 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2018-18655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer...

CVSS 4.3 | AI score 5 | EPSS 0.00205
Exploits: 0 | References: 2

RedhatCVE
added 2025/08/21 9:23 p.m. | 3 views

CVE-2025-54144

The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141...

CVSS 5.4 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 1

Cvelist
added 2025/08/19 8:52 p.m. | 7 views

CVE-2025-54144 Internal Firefox open-text URL scheme allowed loading of arbitrary URLs

The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141...

EPSS 0.00047
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 9:22 a.m. | 2 views

CVE-2024-4663

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.4 | AI score 6 | EPSS 0.00529
Exploits: 0 | References: 1

CNNVD
added 2025/02/23 12:0 a.m. | 1 views

WordPress plugin Accept Donations with PayPal & Stripe Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

CVSS 6.1 | AI score 8.1 | EPSS 0.00225
Exploits: 0 | References: 3

OSV
added 2023/12/14 4:15 p.m. | 2 views

CVE-2023-49771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor Link Log allows Reflected XSS. This issue affects Smart External Link Click Monitor Link Log: from n/a through 5.0.2...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2023/12/14 4:15 p.m. | 11 views

CVE-2023-49770

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor Link Log allows Stored XSS. This issue affects Smart External Link Click Monitor Link Log: from n/a through 5.0.2...

CVSS 5.9 | EPSS 0.00135
Exploits: 0 | References: 1

NVD
added 2023/12/14 4:15 p.m. | 10 views

CVE-2023-49771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor Link Log allows Reflected XSS. This issue affects Smart External Link Click Monitor Link Log: from n/a through 5.0.2...

CVSS 7.1 | EPSS 0.00175
Exploits: 0 | References: 1

Prion
added 2023/12/14 4:15 p.m. | 10 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor Link Log allows Reflected XSS. This issue affects Smart External Link Click Monitor Link Log: from n/a through 5.0.2...

CVSS 5.8 | AI score 7.1 | EPSS 0.00175
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/12/14 3:48 p.m. | 60 views

CVE-2023-49771

CVE-2023-49771 affects the WordPress plugin Smart External Link Click Monitor [Link Log] up to version 5.0.2. Descriptions across sources confirm an improper neutralization of input leading to Reflected XSS, exploitable by unauthenticated users. No patch is available; PatchStack notes no fixed ve...

CVSS 7.1 | AI score 7 | EPSS 0.00175
Exploits: 0 | References: 1 | Affected Software: 1