58810 matches found
CVE-2026-8871
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
CVE-2026-8842
The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes 'id' and 'name' in the...
CVE-2026-44847
creationtimestamp| type| source ---|---|--- 2026-05-27 06:00:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmstea23hr2r...
CVE-2026-9609
creationtimestamp| type| source ---|---|--- 2026-05-27 05:43:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmssfrtxur2c...
CVE-2026-8708 Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page
The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...
CVE-2026-8871 Formidable Kinetic <= 1.1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
CVE-2026-8871
The CVE-2026-8871 entry concerns the WordPress plugin Formidable Kinetic . It is vulnerable to a Stored Cross-Site Scripting (XSS) via the shortcodes using the attribute set of the kinetic_link shortcode, in versions up to and including 1.1.01. The root cause is insufficient input sanitization an...
CVE-2026-8871 Formidable Kinetic <= 1.1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
EUVD-2026-32076
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
CVE-2026-8871
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
CVE-2026-8842 Google+ Link Name <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes 'id' and 'name' in the...
CVE-2026-8842
The CVE-2026-8842 vulnerability affects the WordPress plugin Google+ Link Name (versions
CVE-2026-8842 Google+ Link Name <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes 'id' and 'name' in the...
CVE-2026-2254
creationtimestamp| type| source ---|---|--- 2026-05-27 05:17:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmsqwkq3f22e...
SUSE CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...
CVE-2026-9156
creationtimestamp| type| source ---|---|--- 2026-05-27 04:57:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmspsorzxi2o...
CVE-2026-9078
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
CVE-2026-8606
creationtimestamp| type| source ---|---|--- 2026-05-27 01:48:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmsfb74agt2i...
CVE-2026-9605
creationtimestamp| type| source ---|---|--- 2026-05-27 01:43:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmseyaotzz2e...
CVE-2026-9604
creationtimestamp| type| source ---|---|--- 2026-05-27 01:29:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmse6obg6h2r...