CVE-2026-8847

The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute, which is interpolated directly into an HTML iframe 'src' attribute...

EUVD-2026-30995

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

Important: valkey

Issue Overview: Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other user...

CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

PT-2026-21544

Name of the Vulnerable Software and Affected Versions Valkey versions prior to 9.0.2 Valkey versions prior to 8.1.6 Valkey versions prior to 8.0.7 Valkey versions prior to 7.2.12 Description Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious...

CVE-2025-13961

The Data Visualizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'visualize' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-34307

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the firewall country search defaults. When a user updates the default value...

EUVD-2018-19463

Malware in sbrugna...

EUVD-2010-2549

Malware in sbrugna...

EUVD-2012-1327

Malware in sbrugna...

EUVD-2022-3397

Malicious code in bioql PyPI...

CVE-2025-8046 Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI']

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

WordPress Integration for Contact Form 7 and Constant Contact Plugin plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Contact Form 7 and Constant Contact versions = 1.1.7...

WordPress Wonder Slider Lite plugin <= 14.4 - Authenticated (Contributor+) Dom-based Stored Cross-Site Scripting

Authenticated Contributor+ Dom-based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Wonder Slider Lite versions = 14.4...

WordPress Image Wall plugin <= 3.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Image Wall versions = 3.1...

WordPress Beautiful Cookie Consent Banner plugin <= 4.6.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Martin Herancourt in WordPress Plugin Beautiful Cookie Consent Banner versions = 4.6.1...

WordPress Quick Favicon plugin <= 0.22.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Quick Favicon versions = 0.22.8...

WordPress Leyka plugin <= 3.32 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Leyka versions = 3.32...

WordPress Team Showcase plugin < 25.05.13 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Team Showcase versions 25.05.13...

WordPress Login/Signup Popup plugin <= 2.9.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Login/Signup Popup versions = 2.9.4...