2 matches found
CVE-2026-13251
The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting XSS attacks. The vulnerability is possible because it does not sanitize news item title link in NewsPanel.js, allowing a remote attacker to inject arbitrary Javascript through news panel when rendering RSS links...