232 matches found
CVE-2026-57381
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows Reflected XSS.This issue affects PropertyHive: from n/a through = 2.2.3...
CVE-2026-57381
The CVE describes a Reflected Cross-Site Scripting vulnerability in the WordPress PropertyHive plugin (PropertyHive) for versions
WordPress PropertyHive plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by manop55555 in WordPress Plugin PropertyHive versions = 2.2.3...
OPENSUSE-SU-2026:10891-1 gsasl-2.2.3-1.1 on GA media
These are all security issues fixed in the gsasl-2.2.3-1.1 package on the GA media of openSUSE Tumbleweed...
GNU SASL 代码问题漏洞
GNU SASL is a simple authentication and security layer framework from the GNU community in the United States, which implements several common SASL mechanisms. Versions of GNU SASL prior to 2.2.3 had code vulnerabilities; these vulnerabilities stemmed from a null pointer dereferencing in the...
Unity Linux 20.1070e Security Update: mutt (UTSA-2026-016745)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016745 advisory. Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line Tenable has extracted the preceding...
CVE-2026-39477
Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through = 2.2.3...
CVE-2026-39477
CVE-2026-39477 refers to a missing authorization vulnerability in the WordPress plugin CartFlows (Brainstorm Force), affecting CartFlows versions up to 2.2.3. The root cause is an incorrectly configured access-control mechanism that allows exploitation of access levels. CVSS 3.1 base metrics indi...
PT-2026-31119
CVE-2026-39477 Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects… https://t.co/FFNPsLRGYp...
CVE-2026-31822
Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...
SUSE CVE-2026-28683
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, if a malicious authenticated user uploads SVG and creates a hotlink for it, they can achieve stored XSS. This issue has been patched in version 2.2.3...
EUVD-2026-11955
Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through = 2.2.3...
CVE-2026-32425 WordPress Payment Gateway Pix For GiveWP plugin <= 2.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through = 2.2.3...
CVE-2026-32425 WordPress Payment Gateway Pix For GiveWP plugin <= 2.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through = 2.2.3...
Authorization Bypass Through User-Controlled Key
Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via unvalidated resource IDs accepted through LiveArg parameters in multiple LiveComponents. An attacker can access...
CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form
Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...
GO-2026-4615 Gokapi has privilege escalation with auth token in github.com/forceu/gokapi
Gokapi has privilege escalation with auth token in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
Sylius 输入验证错误漏洞
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a vulnerability related to input validation. This vulnerability arises from multiple controllers directly using the HTTP Referer header for redirection, which can lead t...
Sylius 安全漏洞
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius. This vulnerability stems from the lack of validation for ownership in the POST /api/v2/shop/orders/tokenValue/items endpoint. As a...
Sylius 安全漏洞
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius, which stems from unvalidated resource IDs in multiple stores using LiveComponents. This vulnerability may lead to insecure direct objec...