106618 matches found
CVE-2026-4025
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the pc-login-form shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align' attribute...
EUVD-2026-20276
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...
EUVD-2026-20279
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...
EUVD-2026-20270
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...
EUVD-2026-20272
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through = 1.4.8...
EUVD-2026-20132
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script...
CVE-2026-39629
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...
CVE-2026-39628
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...
CVE-2026-39625
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...
CVE-2026-25776
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script...
CVE-2026-1396
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-25776
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script...
CVE-2026-25776
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script...
CVE-2026-25776
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script...
CVE-2026-39674
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through = 3.1.1...
CVE-2026-39629
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...
CVE-2026-39628 WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...
CVE-2026-39625
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...
Exploit for Eval Injection in Langflow
CVE-2026-33017 - Langflow Unauthenticated RCE...
CVE-2026-5506
The CVE-2026-5506 entry concerns the WordPress Wavr plugin (versions up to 0.2.6). The vulnerability is a Stored Cross-Site Scripting flaw via the plugin’s wave shortcode attributes stemming from insufficient input sanitization and output escaping. The impact allows authenticated attackers with c...