CVE-2026-1925 EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification

The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...

CVE-2026-1925

The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on update_template_data in all versions up to 1.6.2. Authenticated attackers with Subscriber-level access and above can modify the title of a...

CVE-2026-1925 EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification

The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...

PT-2026-20291

Name of the Vulnerable Software and Affected Versions EmailKit – Email Customizer for WooCommerce & WP versions prior to 1.6.3 Description The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing...

CVE-2025-54852

A reflected cross-site scripting xss vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

EUVD-2003-0062

Malware in sbrugna...

EUVD-2003-0060

Malware in sbrugna...

EUVD-2003-0066

Malware in sbrugna...

EUVD-2003-0064

Malware in sbrugna...

EUVD-2012-1441

Malware in sbrugna...

EUVD-2003-0063

Malware in sbrugna...

EUVD-2003-0059

Malware in sbrugna...

EUVD-2023-2091

Malicious code in bioql PyPI...

EUVD-2022-2817

Malicious code in bioql PyPI...

EUVD-2024-47554

Malicious code in bioql PyPI...

CVE-2024-0370

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVE-2022-23465

SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing...

Cross site scripting

Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php...

CVE-2015-8971

Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063...

Design/Logic Flaw

DISPUTED Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE:...