CVE-2026-26188 Solspace Freeform plugin affected by Stored Cross-Site Scripting (XSS) in Freeform Craft Plugin CP UI (builder/integrations)

Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are...

CVE-2026-26188

The vulnerability CVE-2026-26188 affects Solspace Freeform plugin for Craft CMS 5.x. An authenticated, low-privilege user who can create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel builder and integrations views. User-controlled form labels and integration metadata are re...

GHSA-JP3Q-WWP3-PWV9 Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue

Summary An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are rendered with dangerouslySetInnerHTML without sanitization, leading to store...

CVE-2019-18994

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty .JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service...

CVE-2019-18997

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting...

CVE-2019-18995

The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting...

CVE-2019-7225

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...

EUVD-2019-16769

Malware in sbrugna...

EUVD-2018-2688

Malware in sbrugna...

EUVD-2018-10726

Malware in sbrugna...

EUVD-2016-3365

Malware in sbrugna...

CVE-2020-36626

A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function addpostcontentfilteredtosearchsql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

ABB CP635 HMI Lack of encryption or authenticity checks against firmware binary files (CVE-2019-7229)

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: Utilization of USB/SD Card to flash the device and Remote provisioning process via ABB Panel Builder 600 over FTP. Neither of these transmission methods implements any form of encryption...

ABB PB610 Panel Builder 600 Use of Hard-Coded Credentials (CVE-2019-7225)

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool Panel Builder 600 to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...

CVE-2020-36626

A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function addpostcontentfilteredtosearchsql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

Sql injection

A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function addpostcontentfilteredtosearchsql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

Panel Builder 跨站脚本漏洞

Panel Builder is an open source plugin from Modern Tribe Agency. It is used for block content control in WordPress Classic Editor. Panel Builder has a security vulnerability. Attackers use this vulnerability to perform sql injection attacks...

CVE-2020-36626 Modern Tribe Panel Builder Plugin SearchFilter.php add_post_content_filtered_to_search_sql sql injection

A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function addpostcontentfilteredtosearchsql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

CVE-2020-36626 Modern Tribe Panel Builder Plugin SearchFilter.php add_post_content_filtered_to_search_sql sql injection

A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function addpostcontentfilteredtosearchsql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

CVE-2020-36626

CVE-2020-36626 affects the Modern Tribe Panel Builder Plugin. The vulnerability is in the function add_post_content_filtered_to_search_sql of the file ModularContent/SearchFilter.php , where manipulation enables a SQL injection. It can be exploited remotely, and the exploit has been disclosed to ...