4508 matches found
CVE-2026-48878 WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Visual Link Preview = 2.4.1 versions...
EUVD-2026-36854
Subscriber Sensitive Data Exposure in Visual Link Preview = 2.4.1 versions...
CVE-2026-48878
The CVE-2026-48878 entry describes a Sensitive Data Exposure vulnerability in the WordPress Visual Link Preview plugin up to version 2.4.1. Affected software: WordPress Visual Link Preview plugin (versions
PT-2026-49484
Name of the Vulnerable Software and Affected Versions Visual Link Preview versions prior to 2.4.2 Description An issue in the plugin leads to the exposure of sensitive subscriber data. Recommendations Update to version 2.4.2 or later...
SUSE CVE-2026-45106
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...
CVE-2026-45106
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...
EUVD-2026-36114
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...
CVE-2026-45106 Weblate: Stored HTML injection in editor search preview
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...
CVE-2026-45106 Weblate: Stored HTML injection in editor search preview
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...
CVE-2026-45106
Weblate (web-based localization tool) is affected by a stored HTML injection/XSS in the live search preview prior to version 2026.5, where unit source and context are rendered without escaping, allowing HTML/CSS that runs in authenticated editors of other users performing a matching search. The i...
CVE-2026-8599
The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...
CVE-2026-41980
Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
June 9, 2026—KB5094125 (OS Build 26100.32995)
June 9, 2026—KB5094125 OS Build 26100.32995 This cumulative update for Windows Server 2025 KB5094125, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security updates,...
CVE-2026-8599 MailerPress <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Campaign HTML Content Field
The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...
EUVD-2026-35377
The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...
CVE-2026-8599
The CVE covers the WordPress plugin MailerPress (Email Marketing, Newsletter, Email Automation & WooCommerce Emails) with stored XSS in Campaign HTML Content Field across versions up to 2.0.4. Exploitation requires author-level access (authenticated, Author+), and affects pages loaded in the admi...
CVE-2026-41980
Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
EUVD-2026-35341
Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-41980
Technical details are not publicly available in the provided documents. This CVE entry lacks specifics on affected product/version, root cause, or remediation. Monitor for updates from Huawei advisories and the CVE record.
CVE-2026-41980
Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...