9945 matches found
CVE-2026-4300
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
CVE-2026-4300
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
CVE-2026-4300
Robo Gallery for WordPress is affected up to version 5.1.3 with a Stored XSS in the Loading Label field (rbs_gallery_LoadingWord). The plugin uses a custom |... | marker in fixJsFunction() to embed raw JS within JSON; json_encode() preserves quotes, then fixJsFunction() strips the markers, turnin...
CVE-2026-4300 Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
CVE-2026-4300 Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
Security Bulletin: Arbitrary File Read, SSRF, and Code Execution Vulnerabilities in TensorFlow Keras Model Loading (v2.13) affects watsonx.data
Summary A vulnerability in TensorFlow Keras v2.13 allows malicious .keras model files to trigger arbitrary local file reads, Server-Side Request Forgery SSRF, and potential code execution during model loading—even when safemode=True is enabled. The issue arises from improper handling of external...
WordPress plugin Robo Gallery 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
MemProcFS 代码问题漏洞
MemProcFS is a physical memory virtual file system analysis tool developed by Ulf Frisk. Versions of MemProcFS prior to 5.17 contained code vulnerabilities. These vulnerabilities stemmed from multiple insecure library loading patterns, which could lead to DLL and shared library hijacking, allowin...
PT-2026-31468
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a...
PT-2026-31288
Name of the Vulnerable Software and Affected Versions Robo Gallery versions through 5.1.3 Description The Robo Gallery plugin for WordPress is susceptible to Stored Cross-Site Scripting via the 'Loading Label' setting. The plugin utilizes a custom |...| marker pattern within its fixJsFunction...
Updated roundcubemail packages fix security vulnerability
SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed...
MGASA-2026-0089 Updated roundcubemail packages fix security vulnerability
SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed...
CVE-2026-32861 Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvclass file
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
CVE-2026-1839
A flaw was found in HuggingFace Transformers. A remote attacker can exploit this vulnerability by supplying a specially crafted checkpoint file e.g., rngstate.pth. The loadrngstate method in the Trainer class loads this file using torch.load without proper validation, specifically missing the...
CVE-2025-14821
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...
CVE-2025-14821
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...
CVE-2026-35483 text-generation-webui has a Path Traversal in load_template() — .jinja/.yaml/.yml file read without authentication
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadtemplate allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the...
EUVD-2026-19586
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated user provided "key" value could be...
CVE-2026-33227
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...
UBUNTU-CVE-2026-33227
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...