131 matches found
Real-Time Webhook Notifications: No More Lost Security Alerts
Every security team knows the pain: a critical alert lands in someone’s inbox, buried under dozens of other emails, or filtered out by a spam rule. By the time anyone sees it, the incident is already in full swing—no ticket opened, no Slack message sent, no automated workflow triggered. The...
CVE-2026-3604
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-39946
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseo ative tab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress WP SEO Structured Data Schema plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP SEO Structured Data Schema versions = 2.8.1...
CVE-2026-32870
Kirby is an open-source content management system. Kirby's Xml::value method has special handling for blocks. If the input value is already valid CDATA, it is not escaped a second time but allowed to pass through. However, prior to versions 4.9.0 and 5.4.0, it was possible to trick this check int...
Cross-site Scripting (XSS)
Overview @apostrophecms/seo is a SEO Tools for ApostropheCMS Affected versions of this package are vulnerable to Cross-site Scripting XSS in renderNodes, via SEO Title and Meta Description values, where user-controlled input is rendered without proper output encoding into HTML contexts such as...
CVE-2026-35569
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields SEO Title and Meta Description, where user-controlled input is rendered without proper output encoding into HTML contexts includin...
jq 安全漏洞
jq is a lightweight and flexible command-line JSON processor developed by jqlang. There is a security vulnerability in jq, which stems from the use of the MurmurHash3 algorithm that relies on hard-coded public seeds. This vulnerability could allow attackers to exploit the system by providing...
EUVD-2026-10426
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...
EUVD-2026-10427
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...
Novarain/Tassos Framework, , SQL Injection
allow SQL injection and unauthenticated file reads. Attackers can chain these issues for administrator takeover and remote code execution on unpatched systems. Affected extensions include Convert Forms, EngageBox, Google Structured Data, Advanced Custom Fields, and Smile Pack, all relying on the...
CVE-2025-13096
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...
WordPress Schema & Structured Data for WP & AMP plugin <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via User Custom Schema vulnerability discovered by type5afe in WordPress Plugin Schema & Structured Data for WP & AMP versions = 1.54...
CVE-2025-14069
This CVE (CVE-2025-14069) affects Schema & Structured Data for WP & AMP (WordPress) up to version 1.54, via Stored Cross-Site Scripting in the saswp_custom_schema_field. Affected actor must have Contributor+ rights; exploitation would run scripts on pages when viewed by users. The Wordfence entry...
WordPress Plugin: Schema & Structured Data for WP & AMP – Cross-Browser Script Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-8075
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...
GT Edge AI 安全漏洞
GT Edge AI is an edge AI solution from US-based GT Edge AI. A security vulnerability exists in versions prior to GT Edge AI v2.0.10-dev, which originates from the injection of a specially crafted JSON payload that could lead to the execution of arbitrary code...
WordPress Schema & Structured Data for WP & AMP plugin <= 1.51 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Schema & Structured Data for WP & AMP versions = 1.51...
WordPress plugin Schema & Structured Data for WP & AMP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-44708
Name of the Vulnerable Software and Affected Versions Schema & Structured Data for WP & AMP plugin for WordPress versions through 1.51 Description The Schema & Structured Data for WP & AMP plugin for WordPress has a Stored Cross-Site Scripting issue related to the 'saswp tiny multiple faq'...