29 matches found
CVE-2026-11062
CVE-2026-11062 affects Google Chrome extensions: insufficient policy enforcement in Extensions allows an attacker to inject scripts/HTML into a privileged page when a user installs a crafted malicious extension. Impact is partial integrity compromise of privileged pages; exploit not confirmed in ...
CVE-2026-23652
Microsoft Power Pages is affected by CVE-2026-23652, a remote code execution vulnerability due to improper neutralization of special elements used in a command injection. The issue allows an unauthenticated attacker to trigger code execution over the network with no user interaction, by exploitin...
CVE-2026-34564
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Manageme...
PT-2026-1112
Name of the Vulnerable Software and Affected Versions: code-projects Content Management System version 1.0 Description: A flaw exists in code-projects Content Management System that allows for SQL injection. The issue is located in the /pages.php file, specifically through manipulation of the ID...
CVE-2025-9551 Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force. This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5...
EUVD-2014-1330
Malware in sbrugna...
EUVD-2023-53200
Malicious code in bioql PyPI...
EUVD-2025-30528
Malicious code in bioql PyPI...
CVE-2024-8759 Nested Pages <= 3.2.8 - Editor+ Stored XSS
The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2025-24310
CVE-2025-24310 affects JTEKT ELECTRONICS HMI ViewJet C-more series. The vulnerability is described as improper restriction of rendered UI layers or frames (CWE-1021), which could allow a remote unauthenticated attacker to trick a product user into performing operations on the product’s web pages....
MISP Security Vulnerability
MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.193...
CVE-2025-23563 WordPress Explore pages plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mbyte Explore pages explore-pages allows Reflected XSS. This issue affects Explore pages: from n/a through <= 1.01...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 CVSS score: 8.6 - Microsoft Bing Remote Code Execution Vulnerability...
CVE-2025-24989 Microsoft Power Pages Elevation of Privilege Vulnerability
...
PT-2024-22260 · Ubee · Ubee Ddw365
Name of the Vulnerable Software and Affected Versions: UBEE DDW365 XCNDDW365 version 8.14.3105 on hardware 3.13.1 Description: The issue allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via several ASP pages, including RgFirewallEL.asp, RgDdns.asp, RgTime.asp,...
CVE-2023-0042
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols...
PT-2022-13674 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.5 through 14.7.6; GitLab CE/EE versions 14.8 through 14.8.4; GitLab CE/EE versions 14.9 through 14.9.1 Description: The issue concerns improper authorization in GitLab Pages, allowing an attacker to steal a user's acces...
GitLab Community Edition and GitLab Enterprise Edition Authorization Issue Vulnerability
GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab from GitLab, Inc. An authorization issue vulnerability exists in GitLab Community Edition CE and Enterprise Edition EE, which is vulnerable due to incorrect authorization in GitLab...
CVE-2022-24718 Path Traversal in ssr-pages
ssr-pages is an HTML page builder for the purpose of server-side rendering SSR. In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...