CVE-2019-25643

creationtimestamp| type| source ---|---|--- 2026-03-24 13:54:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhspysaiyz2p...

CVE-2026-26985

creationtimestamp| type| source ---|---|--- 2026-02-26 01:05:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfpyw4brcq2d 2026-02-26 05:15:58+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mfqgvmufgs2h 2026-02-26 07:17:19+00:00| seen|...

CVE-2026-1985

CVE-2026-1985 : Connected document identifies a concrete vulnerability in the WordPress Press3D plugin (versions

CVE-2026-1985 Press3D <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

WordPress Press3D plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability discovered by WordFence in WordPress Plugin Press3D versions = 1.0.2...

CVE-2026-22867

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...

CVE-2025-59384

creationtimestamp| type| source ---|---|--- 2026-01-02 17:43:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbhgzjvezu2o 2026-01-02 18:54:57+00:00| seen| Telegram/fKGzgPxm4HdOPbxQ-IlBp8HZpa9ZU7wv577tZMCQId7qg 2026-01-02 21:56:58+00:00| seen|...

EUVD-2021-0462

Malware in sbrugna...

PT-2025-38694

Name of the Vulnerable Software and Affected Versions MuYuCMS versions prior to 2.7 Description A server-side request forgery condition exists in MuYuCMS. The issue is located in an unknown function within the /index/index.html file of the Add Fiend Link Handler component. Manipulation of the Lin...

CVE-2025-58746

The CVE-2025-58746 issue affects the Volkov Labs Business Links panel for Grafana, where prior to version 2.4.0 an Editor can escalate to Administrator due to arbitrary JavaScript code injection in the Layout → Link → URL field. The vulnerability enables arbitrary administrative actions on affect...

CVE-2025-7440

The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item'buttonlink''url' parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-7439 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link

Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anberitem'buttonlink''url'’ parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-54310

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp...

CVE-2024-1074

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2021-29434

Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...

CVE-2020-15902

Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option...

U.S. Dept Of Defense: Cross-Site Scripting via 'return_link_url' parameter

A Cross-Site Scripting XSS vulnerability was discovered on a website. The vulnerability was found in the 'returnlinkurl' parameter, which allowed an attacker to inject malicious scripts that could be executed. Exploitation of this vulnerability could have led to consequences such as cookie theft...

PT-2024-36822 · Linkace · Linkace

Name of the Vulnerable Software and Affected Versions: LinkAce versions prior to 1.15.6 Description: A reflected cross-site scripting XSS issue exists in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before being reflected in the HTML response...

CVE-2024-1074

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

PT-2024-16503 · WordPress · The Beaver Builder

Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin for WordPress versions up to, and including, 2.7.4.2 Description: The issue is related to Stored Cross-Site Scripting via the link url parameter in the audio widget, caused by insufficient...