CVE-2026-0950 Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

EUVD-2026-5268

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

CVE-2026-0950 Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

CVE-2026-0950

The CVE-2026-0950 affects the Spectra Gutenberg Blocks – Website Builder for the Block Editor WordPress plugin. All versions up to 2.19.17 are reported vulnerable to Information Disclosure due to failing to check post_password_required() before rendering post excerpts in render_excerpt() and in u...

PT-2026-6499

Summary A Prototype Pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails to sanitize dangerous property names like proto , constructor, and...

PT-2026-6340

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...

CVE-2026-20405

creationtimestamp| type| source ---|---|--- 2026-02-02 23:52:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdw24cxzjz2h 2026-02-02 23:53:07+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdw255aha32a...

CVE-2026-20422

creationtimestamp| type| source ---|---|--- 2026-02-02 23:29:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvytc2crh22 2026-02-02 23:52:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdw24okykh27...

CVE-2026-20421

creationtimestamp| type| source ---|---|--- 2026-02-02 23:29:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvyt3o4rw27 2026-02-02 23:30:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvyu2rucb2a...

CVE-2026-20420

creationtimestamp| type| source ---|---|--- 2026-02-02 23:29:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvysxumd42m 2026-02-02 23:30:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvyttp3z722...

CVE-2025-66480

creationtimestamp| type| source ---|---|--- 2026-02-02 23:29:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvysr5by623 2026-02-02 23:29:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvytlluca25...

CVE-2026-22778

creationtimestamp| type| source ---|---|--- 2026-02-02 23:21:19+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvyebz7eh2h 2026-02-02 23:28:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvyretvka24 2026-02-02 23:29:17+00:00| seen|...

CVE-2026-25142

creationtimestamp| type| source ---|---|--- 2026-02-02 23:18:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvy7k6mqx2h 2026-02-02 23:18:56+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvy7z5mdq24 2026-02-05 21:23:40+00:00| seen|...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Slider Widget vulnerability discovered by 0liveira in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Multislider Widget vulnerability discovered by Drian - Pato Academy in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Carousel Widget vulnerability discovered by RandomRoot in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

CVE-2025-47359

creationtimestamp| type| source ---|---|--- 2026-02-02 16:59:54+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvd2bdm7p23 2026-02-02 17:00:20+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvd2zbtg224...

CERTFR-2026-ACT-005

creationtimestamp| type| source ---|---|--- 2026-02-02 14:24:55+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mdv2f55uwk26 2026-02-02 15:42:59+00:00| seen| https://bsky.app/profile/infosecfr.skyfleet.blue/post/3mdv6qqjhxb2m 2026-02-06 23:48:20+00:00| seen|...

CVE-2026-23997

creationtimestamp| type| source ---|---|--- 2026-02-02 10:50:35+00:00| published-proof-of-concept| https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-4v7v-7v7r-3r5h 2026-02-02 23:21:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvyeaundd2r 2026-02-02...

WordPress Elementor Addons by Livemesh plugin <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Grid vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.7...