2 matches found
CVE-2026-7635
The CVE-2026-7635 entry concerns the coreActivity: Activity Logging for WordPress plugin for WordPress, affected up to version 3.0. The vulnerability arises from unsanitized PHP serialization in the User-Agent header stored to the logmeta table and later deserialized via maybe_unserialize() durin...
GHSA-FX98-8W93-4MXR Snipe-IT XSS Vulnerability
Snipe-IT before 4.6.14 has XSS, as demonstrated by logmeta values and the user's last name in the API...