7 matches found
PT-2026-38831
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible...
EUVD-2023-41769
Malicious code in bioql PyPI...
CVE-2023-37898 Safe mode Cross-site Scripting (XSS) vulnerability in Joplin
Joplin is a free, open source note taking and to-do application. A cross-site scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. packages/renderer/MarkupToHtml.ts renders note content in safe mode by surrounding it with and , without escaping any...
CVE-2023-37898
In Joplin, a safe-mode XSS flaw stems from MarkupToHtml.ts wrapping note content with ... without escaping interior HTML, allowing an attacker to inject HTML/JS in a note and run code via the preview iframe with top-level access. Affected versions are 2.12.8 and earlier; fixed in 2.12.9. Upgrade ...
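The two Joplin entries above describe the same root cause: safe mode wraps the raw note body in a container element without escaping it, so markup inside the note reaches the preview document live. The following is an added example, not code from Joplin's packages/renderer/MarkupToHtml.ts; the wrapper element id `rendered-md`, the function names, the `<pre>` used in the hardened version and the sample note payload are all assumptions made for illustration, since the page elides the actual tags.

```typescript
// Added illustration of the CVE-2023-37898 pattern; not Joplin's own code.
// ASSUMPTION: the wrapper element id and the <pre> in the fixed variant are invented here.
const WRAPPER_ID = 'rendered-md';

// Constructed sample note body: a plain HTML event handler, no Markdown needed.
const PAYLOAD_NOTE = '<img src=x onerror=alert(document.domain)>';

// Escape the five characters that matter when text is placed in an element body
// or a double-quoted attribute value.
function escapeHtml(text: string): string {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// The vulnerable pattern (Joplin <= 2.12.8 as described above): the note body is
// concatenated into the wrapper as-is, so any tag in the note is parsed as markup.
function renderSafeModeVulnerable(noteBody: string): string {
  return `<div id="${WRAPPER_ID}">${noteBody}</div>`;
}

// Hardened form: safe mode is supposed to show the note as text, so escape it before
// wrapping. The browser then displays "<img ...>" literally instead of creating an element.
function renderSafeModeFixed(noteBody: string): string {
  return `<div id="${WRAPPER_ID}"><pre>${escapeHtml(noteBody)}</pre></div>`;
}

// A deliberately strict check used to make the difference visible: scan every opening tag
// in the rendered HTML and flag anything that is not one of the renderer's own elements,
// or that carries an on* event-handler attribute. Escaped text never produces a tag.
const ALLOWED_TAGS = new Set(['div', 'pre']);
function containsActiveMarkup(html: string): boolean {
  const tagRe = /<([a-zA-Z][\w-]*)([^>]*)>/g;
  let m: RegExpExecArray | null;
  while ((m = tagRe.exec(html)) !== null) {
    const name = m[1].toLowerCase();
    const attrs = m[2];
    if (!ALLOWED_TAGS.has(name)) return true;
    if (/\son[a-z]+\s*=/i.test(attrs)) return true;
  }
  return false;
}

// Run both renderers on the constructed note and report which one leaves live markup.
function demo(): { vulnerableIsLive: boolean; fixedIsLive: boolean } {
  return {
    vulnerableIsLive: containsActiveMarkup(renderSafeModeVulnerable(PAYLOAD_NOTE)),
    fixedIsLive: containsActiveMarkup(renderSafeModeFixed(PAYLOAD_NOTE)),
  };
}
```

Escaping is the minimum fix for a "show the note as text" mode; it does not by itself address the second half of the entry above, the preview iframe running with top-level access. That is a separate hardening (sandboxing or a distinct origin for the preview frame) that the page mentions but does not detail, so it is not modelled here.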
WordPress plugin Paid Memberships Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-17740 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro WordPress plugin versions prior to 2.12.9
Description: The issue allows users with at least the contributor role to leak other users' sensitive metadata.
Recommendations: For versions prior to 2.12.9, update to version...