CVE-2026-34241

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability in the ticket reply notification system. Unsanitized reply content $newmessage is stored directly in database notification payloads and later rendered...

EUVD-2026-30987

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability in the ticket reply notification system. Unsanitized reply content $newmessage is stored directly in database notification payloads and later rendered...

CVE-2026-3551 Custom New User Notification <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting

The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail...

WordPress Custom New User Notification plugin <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'User Mail Subject' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Custom New User Notification versions = 1.2.0...

PT-2026-26707

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Staff members could modify any user's group notification level...

CVE-2026-32104 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...

CVE-2023-49098

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939...

CVE-2018-14997

The Leagoo P1 Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework i.e., systemserver with a package name of android that has been modified by Leagoo or another entity in the supply chain. The systemserv...

PYSEC-2025-233

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

CVE-2025-67715

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

Weblate 授权问题漏洞

Weblate is a Copyleft open source web-based free software continuous localization system. An authorization issue vulnerability exists in Weblate versions prior to 5.15, which stems from the possibility that the API may retrieve user notification settings or list all users, potentially leading to...

EUVD-2019-6998

Malware in sbrugna...

EUVD-2004-1505

Malware in sbrugna...

EUVD-2001-0072

Malware in sbrugna...

EUVD-2016-2869

Malware in sbrugna...

EUVD-2018-6862

Malware in sbrugna...

EUVD-2018-6883

Malware in sbrugna...

EUVD-2005-2751

Malware in sbrugna...

EUVD-2007-4572

Malware in sbrugna...

EUVD-2019-7469

Malware in sbrugna...