2441 matches found
Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
WP Responsive Images <= 1.0 - Arbitrary File Read
WP Responsive Images plugin for WordPress = 1.0 contains a path traversal caused by improper sanitization of the 'src' parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2026-1557 info: name: WP Responsive Images = 1.0 - Arbitrary File Read author: Shivam...
WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read
WordPress Responsive Vector Maps 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user to read arbitrary files on the w...
WordPress ARPrice <3.6.1 - SQL Injection
WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...
CVE-2026-15471
Eleveo Call Recording Software 9.7.0 contains a vulnerability in an unknown portion of /callrec/pci_dss_status.jsp that allows improper authorization. The issue supports remote exploitation and the exploit has been made public. No remediation details are provided in the document. Vendor contact o...
EUVD-2026-42510
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner identified by email address to read, reply to, and close that person's support tickets...
EUVD-2026-41670
A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.runconversation of the file runagent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The...
CVE-2026-14625 NousResearch hermes-agent server.py shell.exec protection mechanism
A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tuigateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to...
CVE-2026-11589
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...
CVE-2026-13560
A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carri...
CVE-2026-56041
Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...
CVE-2026-56041
Summary: CVE-2026-56041 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin “Responsive Lightbox” up to version 2.7.6. The incident is classified with CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating a network-vector XSS that requires user intera...
CVE-2026-56041 WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...
EUVD-2026-39703
Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...
PT-2026-52756
Name of the Vulnerable Software and Affected Versions Responsive Lightbox versions prior to 2.7.7 Description An unauthenticated Cross Site Scripting XSS issue exists, which allows an attacker to execute malicious scripts in the browser of a user by injecting code into a web page. Recommendations...
Astra Linux – Vulnerability in Firefox, Thunderbird
Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Responsive Lightbox versions = 2.7.6...
OESA-2026-2731 mercurial security update
Mercurial is a free, distributed source control management tool. It efficiently handles projects of any size and offers an easy and intuitive interface. Security Fixes: A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects...
CVE-2017-20258
Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...
CVE-2017-20258
CVE-2017-20258 concerns the Joomla! extension RPC Responsive Portfolio 1.6.1 . The vulnerability is an SQL injection in the affected component, exploitable by unauthenticated attackers via a crafted HTTP GET request to index.php with the query string option=com_pofos&view=pofo&id=[SQL]. The under...