1570 matches found
EUVD-2026-9633
Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection. This issue affects NextScripts: from n/a through <= 4.4.7...
CVE-2026-25311
CVE-2026-25311 relates to the WordPress plugin Autoshare for Twitter (versions up to and including 2.3.1). The root cause is a missing/incorrectly configured authorization mechanism leading to a broken access control vulnerability. The impact is described as enabling actions due to insufficient a...
PT-2026-7498
The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg tw options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings includi...
EUVD-2023-27792
Malicious code in bioql PyPI...
CVE-2024-10116
The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-10116
The CVE-2024-10116 entry concerns the Twitter Follow Button plugin for WordPress (affected versions: all up to 0.2). It describes a Stored Cross-Site Scripting vulnerability via the username parameter, caused by insufficient input sanitization and output escaping. Exploitation requires authentica...
CVE-2024-51659
Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus twitter-anywhere-plus allows Stored XSS. This issue affects Twitter @Anywhere Plus: from n/a through <= 2.0...
CVE-2024-51659 WordPress Twitter @Anywhere Plus plugin <= 2.0 - CSRF to Stored XSS vulnerability
CVE-2024-51716
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus Twitter real time search scrolling twitter-real-time-search-scrolling allows Reflected XSS. This issue affects Twitter real time search scrolling: from n/a through <= 7.0...
CVE-2024-51716 WordPress Twitter real time search scrolling plugin <= 7.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-51716
CVE-2024-51716: Reflected Cross-Site Scripting in Twitter real time search scrolling plugin. Affected: Twitter real time search scrolling (from n/a to 7.0). Root cause per description: improper neutralization of input during web page generation leading to XSS. CVSS v3.1 base score 7.1 (HIGH); At...
WordPress Twitter real time search scrolling Plugin <= 7.0 is vulnerable to Cross Site Scripting (XSS)
Software: Twitter real time search scrolling; Type: Plugin; Vulnerable versions: <= 7.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51716; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 5ded87af36a1; Credits: SOPROBRO; Required...
Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation
Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol. "A missing...
Exploit for OS Command Injection in Paloaltonetworks Expedition
CVE-2024-9464: Palo Alto Expedition Authenticated Command Inje...
Exploit for SQL Injection in Paloaltonetworks Expedition
CVE-2024-9465: Palo Alto Expedition Unauthenticated SQL Inject...
Exploit for Use of Hard-coded Credentials in Solarwinds Web_Help_Desk
CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential...
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier...
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0. "An issue was discovered in...