41 matches found
CVE-2026-12108 Highlighting Code Block <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'font_family' Setting
The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...
EUVD-2020-17969
Malware in sbrugna...
EUVD-2021-11455
Malware in sbrugna...
EUVD-2017-1787
Malware in sbrugna...
EUVD-2009-1675
Malware in sbrugna...
EUVD-2020-23238
Malware in sbrugna...
EUVD-2018-7526
Malware in sbrugna...
EUVD-2024-0813
Malicious code in bioql PyPI...
EUVD-2022-42526
Malicious code in bioql PyPI...
EUVD-2023-45600
Malicious code in bioql PyPI...
EUVD-2023-26614
Malicious code in bioql PyPI...
EUVD-2022-24713
Malicious code in bioql PyPI...
EUVD-2022-42711
Malicious code in bioql PyPI...
CVE-2025-45474
CVE-2025-45474 affects maccms10 v2025.1000.4047, with a Server-Side Request Forgery (SSRF) vulnerability in Email Settings. The connected sources corroborate SSRF as the issue and note limited public remediation: a temporary workaround is to restrict access to Email Settings until a patch is avai...
CVE-2024-1746
The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6225
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 and 7.5.1 for the Pro version due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2023-3964
An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disable...
CVE-2022-4393
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4442
The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, i...