EUVD-2026-12794

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

EUVD-2026-12791

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

CVE-2026-22323

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

CVE-2026-22322

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

CVE-2026-22323 Cross‑Site Request Forgery in Link Aggregation Configuration

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

CVE-2026-22323

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

CVE-2026-22323

CVE-2026-22323 describes a CSRF flaw in the Link Aggregation configuration interface. An unauthenticated attacker can lure authenticated users to a malicious page to cause unauthorized POSTs, silently altering device configuration. Availability impact is low because the device auto-recovers after...

CVE-2026-22323 Cross‑Site Request Forgery in Link Aggregation Configuration

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

CVE-2026-22322

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

CVE-2026-22322 Stored Cross‑Site Scripting in Link Aggregation Name Handling

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

CVE-2026-22322

CVE-2026-22322 describes a stored XSS in the Link Aggregation configuration interface. An unauthenticated attacker can create a trunk entry containing malicious HTML/JavaScript; when the affected page is viewed, the script executes in the victim’s browser, enabling unauthorized interface manipula...

CVE-2026-22322 Stored Cross‑Site Scripting in Link Aggregation Name Handling

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

WordPress [CR]Paid Link Manager plugin <= 0.5 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin CRPaid Link Manager versions = 0.5...

EUVD-2026-12763

The CRPaid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

CVE-2026-1780

The CRPaid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

CVE-2026-1780 [CR]Paid Link Manager <= 0.5 - Reflected Cross-Site Scripting

The CRPaid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

CVE-2026-1780 [CR]Paid Link Manager <= 0.5 - Reflected Cross-Site Scripting

The CRPaid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

CVE-2026-1780

The CVE-2026-1780 entry concerns the WordPress plugin CR]Paid Link Manager, vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to 0.5 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts into pa...

CVE-2026-33058

creationtimestamp| type| source ---|---|--- 2026-03-18 03:17:27+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33058 2026-03-18 16:34:17+00:00| seen| https://bsky.app/profile/cydave.bsky.social/post/3mhdw4uc4w225 2026-03-19 09:28:13+00:00| seen|...

CVE-2026-31900

creationtimestamp| type| source ---|---|--- 2026-03-18 00:45:47+00:00| seen| https://bsky.app/profile/crustytldr.bsky.social/post/3mhcb4wx6he2r 2026-04-02 01:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/78374 2026-04-02 03:00:05+00:00| published-proof-of-concept|...