Tuleap 跨站请求伪造漏洞

Tuleap is an open-source suite developed by Enalean, aimed at improving the management of software development and collaboration. Tuleap has a cross-site request forgeing vulnerability, which stems from the lack of CSRF protection in the Overview section. This vulnerability could potentially tric...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CTT-Memory-Vortex-20805 ​This script utilizes the \alpha=0.030...

BIT-MOODLE-2025-3644 Moodle: ajax section delete does not respect course_can_delete_section()

A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify...

Malicious code in @acqui-calm-library/acqui-hero-carousel-section (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45f704f47a1967aa0078611eb8d426733e5bc5d4a5146a61261b55b823d9357e The package @acqui-calm-library/acqui-hero-carousel-section was found to contain malicious code...

EUVD-2026-4535

Malicious code in @acqui-calm-library/acqui-hero-carousel-section npm...

📄 AVideo 18.0 Cross Site Scripting

AVideo version 18.0 suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : AVideo 18.0 XSS vulnerability | | Author : indoushka | | Tested on : windo...

Azure Linux 3.0 Security Update: binutils (CVE-2025-7545)

The version of binutils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-7545 advisory. - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is...

MiracleLinux 8 : shim-15.8-4.el8_9.ML.1 (AXSA:2024-7744:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7744:01 advisory. shim: RCE in http boot support may lead to Secure Boot bypass CVE-2023-40547 shim: Interger overflow leads to heap buffer overflow in...

CVE-2026-0833

The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user-supplied social network link URLs. This makes it possible for authenticate...

CVE-2026-0833

The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user-supplied social network link URLs. This makes it possible for authenticate...

CVE-2026-0833

The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user-supplied social network link URLs. This makes it possible for authenticate...

CVE-2026-0833 Team Section Block <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Link

The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user-supplied social network link URLs. This makes it possible for authenticate...

CVE-2026-0833 Team Section Block <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Link

The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user-supplied social network link URLs. This makes it possible for authenticate...

CVE-2026-0833

CVE-2026-0833 corresponds to a Stored Cross-Site Scripting vulnerability in the WordPress Team Section Block plugin (versions

EUVD-2026-3146

The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user-supplied social network link URLs. This makes it possible for authenticate...

SUSE CVE-2025-71109

In the Linux kernel, the following vulnerability has been resolved: MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits Since commit e424054000878 "MIPS: Tracing: Reduce the overhead of dynamic Function Tracer", the macro UASMiLAmostly has been used, and this macro can...

PT-2026-3352

The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user-supplied social network link URLs. This makes it possible for authenticate...

WordPress plugin Team Section Block has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Team Section Block plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Link vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Social Network Link vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Team Section Block versions = 2.0.0...

CVE-2025-67025

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...