CVE-2025-14891 Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2026-1591

Name of the Vulnerable Software and Affected Versions SVG Map Plugin for WordPress versions prior to 1.0.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on multiple AJAX actions. Specifically, the AJAX actions ‘save data’,...

PT-2026-1647

Name of the Vulnerable Software and Affected Versions Frenify Arlo versions through 6.0.3 Description A flaw exists in Frenify Arlo that allows for Reflected Cross-site Scripting XSS. This issue arises from improper input validation during web page generation. The vulnerability could potentially...

PT-2026-1571

Name of the Vulnerable Software and Affected Versions Simple User Meta Editor versions prior to 1.0.1 Description The Simple User Meta Editor plugin for WordPress has a flaw that allows an attacker to inject malicious web scripts into pages viewed by users. This is due to a lack of proper...

PT-2026-1962

Name of the Vulnerable Software and Affected Versions Devolutions PowerShell Universal versions prior to 4.5.6 Devolutions PowerShell Universal versions prior to 5.6.13 Description A cross-site scripting issue exists in Devolutions PowerShell Universal. This allows for potential malicious code...

Linux Distros Unpatched Vulnerability : CVE-2026-0628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extensio...

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-0628

CVE-2026-0628 involves insufficient policy enforcement in Chrome/Chromium WebView handling, allowing a user to be convinced to install a malicious extension that can inject scripts or HTML into a privileged page. Affected software is Chromium-based and prior to version 143.0.7499.192 (Chrome desk...

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

CVE-2020-36924

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modif...

CVE-2020-36924 Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modif...

CVE-2020-36924

Sony BRAVIA Digital Signage 1.7.8 is affected by a remote file inclusion vulnerability in the content material URL parameter. The issue allows attackers to inject arbitrary client-side scripts, potentially hijacking user sessions, performing cross-site scripting, and altering display content by m...

PT-2026-1549

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 143.0.7499.192 Description Insufficient policy enforcement in the WebView tag allows a remote attacker to inject scripts or HTML into privileged pages via a crafted Chrome extension. This issue can be exploited ...

FIBARO System Home Center 安全漏洞

FIBARO System Home Center is a series of smart home core central control hosts from the Polish company FIBARO. A security vulnerability exists in FIBARO System Home Center version 5.021, which stems from a remote file inclusion vulnerability in the undocumented proxy API that could lead to the...

PT-2026-1440

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or...

PT-2026-1457

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modif...

CVE-2025-12513 A user with elevated privileges can inject XSS in the Hosts configuration parameters page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Hosts configuration form modules allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0...

CVE-2025-49346

Cross-Site Request Forgery CSRF vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Stored XSS.This issue affects Simple Archive Generator: from n/a through = 5.2...