CVE-2026-8847
The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute, which is interpolated directly into an HTML iframe 'src' attribute...
CVE-2026-8877
The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...
EUVD-2026-32053
The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...
CVE-2026-8877
The CVE-2026-8877 entry concerns the WordPress plugin Responsive Video Embedder (
PT-2026-43513
The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute, which is interpolated directly into an HTML iframe 'src' attribute...
pam_usb input validation error vulnerability
pamusb is a USB-device-based hardware authentication tool for Linux, developed by individual developer McDope. Versions of pamusb prior to 0.9.1 contained an input validation vulnerability. This vulnerability stems from the lack of an upper limit on the number of ndevices being counted in...
PT-2026-43523
The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rem video' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the video...
CVE-2026-9468
A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/index.ts. The manipulation of the argument projectPath results in path traversal. The attack may be...
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses...
Mantis Bug Tracker security feature issue vulnerability
Mantis Bug Tracker (MantisBT) is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained a security vulnerability related to the script-src directive, which allowed bypassing content security policies by uploading specially crafted...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: skaffold, syft, flux-image-automation-controller, dagger, act, argo-cd, argocd-image-updater, external-secrets-operator, pulumi-language-yaml, zot, gitaly, kubescape, apko, melange, pulumi-language-java, kargo, teleport, trufflehog, xeol, kaniko, k9s, wolfictl,...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: skaffold, syft, flux-image-automation-controller, dagger, act, argo-cd, argocd-image-updater, external-secrets-operator, pulumi-language-yaml, zot, gitaly, kubescape, apko, melange, pulumi-language-java, kargo, teleport, trufflehog, xeol, kaniko, k9s, wolfictl,...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: skaffold, syft, flux-image-automation-controller, dagger, act, argo-cd, argocd-image-updater, external-secrets-operator, pulumi-language-yaml, zot, gitaly, kubescape, apko, melange, pulumi-language-java, kargo, teleport, trufflehog, xeol, kaniko, k9s, wolfictl,...
CVE-2026-45570 vulnerabilities
Vulnerabilities for packages: skaffold, syft, flux-image-automation-controller, dagger, act, argo-cd, argocd-image-updater, external-secrets-operator, pulumi-language-yaml, zot, gitaly, kubescape, apko, melange, pulumi-language-java, kargo, teleport, trufflehog, xeol, kaniko, k9s, wolfictl,...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: flux, trufflehog-fips, flux-fips, rancher-fleet-fips, trufflehog, apko, pulumi-language-java, chainctl, pulumi-language-yaml, k9s, syft-fips, kyverno, external-secrets-operator-fips, bom, gitea-fips, argo-cd, apko-fips, melange, gitlab-rails-ce-fips,...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: flux, trufflehog-fips, flux-fips, rancher-fleet-fips, trufflehog, apko, pulumi-language-java, chainctl, pulumi-language-yaml, k9s, syft-fips, kyverno, external-secrets-operator-fips, bom, gitea-fips, argo-cd, apko-fips, melange, gitlab-rails-ce-fips,...
Astra Linux - vulnerability in qemu
A flaw was discovered in the QEMU virtual crypto device during handling of data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the values of src_len and dst_len in virtio_crypto_sym_op_helper, which may lead to a heap buffer overflow if these values differ...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside of state checks. If the state is not idle, resolve_prepare_src should immediately fail, and no changes to the global state should occur. However, it srcaddr by attempting to create...
Astra Linux - vulnerability in thunderbird, firefox
A poorly handled security check during the creation of a WebSocket in a WebWorker caused the Content Security Policy’s connect-src header to be ignored. This could lead to connections being made to restricted origins from within WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102....
Malicious code in @mc-xp/mc-monolith-js-src-package (npm)
Source: ossf-package-analysis 13fafa7ca25af537c9383868398521cf50a086c1055e9451e4a2208de0083923 The OpenSSF Package Analysis project identified '@mc-xp/mc-monolith-js-src-package' @ 99.9.1 npm as malicious. It is considered malicious becaus...