71 matches found
CVE-2026-12157
The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...
EUVD-2026-37982
The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...
CVE-2026-12157
The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...
CVE-2026-12157
CVE-2026-12157 affects the WordPress plugin BetterDocs (Knowledge Base Docs & FAQ Solution for Elementor & Block Editor). Versions up to 4.5.3 are vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block. Root cause: CategorySlate...
CVE-2026-12157 BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute
The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...
PT-2026-50837
Name of the Vulnerable Software and Affected Versions BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor versions prior to 4.5.4 Description Stored Cross-Site Scripting occurs via the blockId attribute of the 'betterdocs/category-slate-layout' Gutenberg block. The issue...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the url field in Slate link or image nodes during rich-text rendering and parsing. An attacker can execute arbitrary JavaScript in the context of the user's browser by crafting content with malicious URL...
Cross-site Scripting (XSS)
Overview tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the url field in Slate link or image nodes during rich-text rendering and parsing. An attacker can execut...
TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes
TinaCMS rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant, whitespace-padded, and control-character-obfuscated forms — is rendered into href/src and execut...
PT-2026-50737
Name of the Vulnerable Software and Affected Versions @tinacms/mdx versions prior to 2.1.7 tinacms versions prior to 3.9.3 Description Rich-text parsing and the default link/image renderers fail to sanitize the url field on Slate link/image nodes. This allows content containing javascript: or...
CVE-2026-24067
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...
CVE-2026-24067
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...
CVE-2026-24066
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...
CVE-2026-24067
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool (com.slatedigital.connect.privileged.helper.tool) that exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The root cause is a PID-based client validation that is vulnerable to a time-of-check time-of-u...
CVE-2026-24067 Slate Digital Connect macOS XPC PID validation privilege escalation
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...
CVE-2026-24066
Slate Digital Connect 1.37.0 for macOS exposes a privileged helper tool (com.slatedigital.connect.privileged.helper.tool) that serves an XPC service (com.slatedigital.connect.privileged.helper.tool2). The root cause is that the helper validates connecting XPC clients by checking only the subject....
CVE-2026-24066 Slate Digital Connect macOS XPC certificate validation privilege escalation
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...
Slate Digital Connect 安全漏洞
Slate Digital Connect is an audio plugin management and licensing client developed by Slate Digital. Version 1.37.0 of Slate Digital Connect contains a security vulnerability. This vulnerability stems from the XPC service verifying the client only based on the subject.OU value of the client’s...
Slate Digital Connect 安全漏洞
Slate Digital Connect is an audio plugin management and licensing client developed by Slate Digital. Version 1.37.0 of Slate Digital Connect contains a security vulnerability. This vulnerability stems from a check-time and usage-time race condition in the PID-based client authentication process. ...
PT-2026-48401
Name of the Vulnerable Software and Affected Versions Slate Digital Connect version 1.37.0 Description The software installs a privileged helper tool, 'com.slatedigital.connect.privileged.helper.tool', which exposes the XPC service 'com.slatedigital.connect.privileged.helper.tool2'. The helper...