537 matches found
CVE-2026-15104
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
EUVD-2026-42840
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-15104
Summary: CVE-2026-15104 affects the WordPress plugin “BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot” up to version 4.6.0. The vulnerability is a generic SQL Injection via the ‘lang’ parameter, caused by insufficient escaping of user input and lack of proper preparat...
CVE-2026-15104
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-15104 BetterDocs <= 4.6.0 - Authenticated (Custom+) SQL Injection via 'lang' Parameter
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
UPD 03.07.2026: added a package of rules and recommendations that help detect the described malicious activity for companies using our Kaspersky SIEM system. Introduction To access compromised systems, threat actors frequently abuse legitimate remote monitoring tools. At first glance, these...
CVE-2026-49776 WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites = 2.32.6 versions...
EUVD-2026-36896
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites = 2.32.6 versions...
CVE-2026-49776
CVE-2026-49776 concerns the WordPress GPTranslate plugin, affected versions
WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.31 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites versions = 2.31...
CVE-2026-25901
Lack of output escaping leads to a XSS vector in the multilingual associations component...
[SECURITY] Fedora 43 Update: roundcubemail-1.6.16-1.fc43
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 44 Update: roundcubemail-1.7.1-1.fc44
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
BIT-JOOMLA-2026-25901 Joomla! Core - [20260502] - XSS in com_associations
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-25901
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-25901 Joomla! Core - [20260502] - XSS in com_associations
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-25901
Lack of output escaping leads to a XSS vector in the multilingual associations component...
EUVD-2026-31882
Lack of output escaping leads to a XSS vector in the multilingual associations component...
Joomla! CMS 跨站脚本漏洞
Joomla! CMS is a content management system developed under the open source Joomla! framework. Joomla! CMS has a cross-site scripting vulnerability, which stems from the lack of output escaping. This vulnerability may lead to cross-site scripting attacks in multilingual integrated components...
PT-2026-43288
Name of the Vulnerable Software and Affected Versions Joomla CMS affected versions not specified Description Lack of output escaping in the multilingual associations component allows for a Cross-Site Scripting XSS vector. XSS is a flaw where an attacker injects malicious scripts into content...