CVE-2026-4032
CodeColorer for WordPress is affected by a stored cross-site scripting vulnerability in the cc shortcode’s class attribute, affecting versions up to and including 0.10.1 due to insufficient input sanitization and output escaping. Exploitation requires comments to be enabled on the target post and...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the attributionlink property, which constructs HTML by directly interpolating user-controlled fields without escaping. An attacker can execute arbitrary JavaScript in the context of users viewing ingredient o...
PT-2026-33305
The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...
PT-2026-33199
Name of the Vulnerable Software and Affected Versions: WP YouTube Lyte versions prior to 1.7.30. Description: The WP YouTube Lyte plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user supplied attributes with...
PT-2026-33262
Name of the Vulnerable Software and Affected Versions: Custom New User Notification plugin for WordPress versions prior to 1.2.1. Description: Stored Cross-Site Scripting is possible via the admin settings due to insufficient input sanitization and output escaping on multiple settings fields. The...
D-Link DI-8003 and DI-8003G Buffer Overflow Vulnerability
The D-Link DI-8003 and DI-8003G are both wireless routers from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003 and DI-8003G. The vulnerability is caused by incorrect boundary checking in the wanping.asp script and can be exploited by an attacker to cause a...
D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17632)
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability caused by incorrect boundary checking in the tggl.asp script, which can be exploited by an attacker to cause a denial of service...
D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17631)
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability is caused by incorrect boundary checking in the shutset.asp script and can be exploited by an attacker to cause a denial of service...
PT-2026-33303
The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...
PT-2026-33246
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su box' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Powershell Profile Persistence
This module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes (current user or all users) and safely backs up any existing profile prior to modification, enabling clean removal by...
EUVD-2026-22977
An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...
CVE-2026-20132
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based...
Malicious code in cpu-optimizers2-33 (PyPI)
Source: kam193 eb2ab5bcc8a1a35fbd4e5d9b19ac517134ea3fd497e66d7d7126089743804a1c. Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
MAL-2026-2694 Malicious code in cpu-optimizers (PyPI)
Source: kam193 f82b75da107c50f4d2f3cf5587e7db58a0dc91b77f8511226ff9219623dc145a. Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in neverinstallme (PyPI)
Source: kam193 b5a369ecd7616b1dcdbeeca091c3b5bb9df2096c863fe89e9b45154708d5453a. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
CVE-2026-1852 Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...
CVE-2026-3659
The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the circliful shortcode and via multiple shortcode attributes of the circlifuldirect shortcode in all versions up to and including 1.2. This is due to insufficient input...
CVE-2026-3643
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permission_callback set to __return_true...
CVE-2026-4011
The CVE-2026-4011 entry describes a Stored Cross-Site Scripting flaw in the Power Charts Lite WordPress plugin (versions