49 matches found
PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
...
MINI-P52Q-X3PF-5PQ5
Bulletin has no description...
CVE-2026-1397
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...
WordPress PQ Addons - Creative Elementor Widgets plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes vulnerability
WordPress PQ Addons - Creative Elementor Widgets plugin = 1.0.0 - Authenticated Contributor+ Stored Cross-Site Scripting via Widget Attributes vulnerability discovered by WordFence in WordPress Plugin PQ Addons – Creative Elementor Widgets versions = 1.0.0...
EUVD-2026-14153
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...
CVE-2026-1397
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...
CVE-2026-1397
Summary: The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (XSS) via widget attributes in all versions up to and including 1.0.0, caused by insufficient input sanitization and output escaping on the html_tag parameter in the PQ Section ...
CVE-2026-1397 PQ Addons – Creative Elementor Widgets <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...
CVE-2026-1397
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...
CVE-2026-1397 PQ Addons – Creative Elementor Widgets <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...
PT-2026-26810
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the html tag parameter in the PQ Section Title widget. This...
WordPress plugin PQ Addons – Creative Elementor Widgets 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120
The padding extension was incorrectly removed in utls for the non-pq variant of Chrome 120 fingerprint. Chrome removed this extension only when sending pq keyshares. Only this fingerprint is affected since newer fingerprints have pq keyshares by default and older fingerprints have this extension...
GHSA-RRXV-PMQ9-X67R uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120
The padding extension was incorrectly removed in utls for the non-pq variant of Chrome 120 fingerprint. Chrome removed this extension only when sending pq keyshares. Only this fingerprint is affected since newer fingerprints have pq keyshares by default and older fingerprints have this extension...
CVE-2025-14180
CVE-2025-14180 affects PHP’s PDO PostgreSQL driver when using PDO::ATTR_EMULATE_PREPARES and can cause a NULL return from PQescapeStringConn on certain invalid parameter sequences, leading to a NULL pointer dereference in pdo_parse_params() and potential server crashes. Connected advisories confi...
EUVD-2021-32226
Malicious code in bioql PyPI...
Bulletproof Host Stark Industries Evades EU Sanctions
In May 2025, the European Union levied financial sanctions on the owners ofStark Industries Solutions Ltd. , a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But ne...
Malicious code in @zalastax/nolb-pq (npm)
The package @zalastax/nolb-pq was found to contain malicious code...
MAL-2025-10332 Malicious code in @zalastax/nolb-_pq (npm)
The package @zalastax/nolb-pq was found to contain malicious code...
Malicious code in @zalastax/nolb-_pq (npm)
The package @zalastax/nolb-pq was found to contain malicious code...