CVE-2026-39708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.14...

WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration Stripe versions = 1.3.14...

EUVD-2026-20415

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.14...

CVE-2026-39708 WordPress UiCore Elements plugin <= 1.3.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.14...

CVE-2026-39708

CVE-2026-39708 affects the WordPress UiCore Elements plugin (uicore-elements) up to version 1.3.14. The issue is a Stored XSS due to improper neutralization of input during web page generation. Affected software: UiCore Elements (WordPress plugin)

CVE-2025-68536

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through = 1.3.14...

CVE-2025-68536 WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through = 1.3.14...

WordPress plugin Zota 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Zota versions = 1.3.14...

EUVD-2025-205188

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through = 1.3.14...

PT-2025-53099

Name of the Vulnerable Software and Affected Versions thembay Zota versions n/a through 1.3.14 Description An improper control of filename for include/require statement exists in thembay Zota, potentially allowing PHP Local File Inclusion. The issue involves the inclusion of files without proper...

WordPress plugin Zota 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-61681 Kuno is Vulnerable to Stored XSS Attack via SVG File Upload

KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...

EUVD-2025-32427

KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...

CVE-2025-61681

Summary (CVE-2025-61681, KUNO CMS): Versions 1.3.13 and earlier of KUNO CMS are affected by a file-upload validation flaw that enables stored XSS via uploaded SVG files. The upload endpoint only checks Content-Type, lacks content analysis, and has no extension-whitelisting, allowing scripts embed...

EUVD-2024-40165

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-45807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the...

CVE-2025-23622

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sabuj Kundu CBX Accounting & Bookkeeping cbxwpsimpleaccounting allows Reflected XSS.This issue affects CBX Accounting & Bookkeeping: from n/a through = 1.3.14...

CVE-2025-23622 WordPress CBX Accounting & Bookkeeping plugin <= 1.3.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sabuj Kundu CBX Accounting & Bookkeeping cbxwpsimpleaccounting allows Reflected XSS.This issue affects CBX Accounting & Bookkeeping: from n/a through = 1.3.14...

WordPress plugin CBX Accounting & Bookkeeping 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...