10 matches found

NVD
added 2026/03/11 6:16 p.m. | Views: 1

CVE-2026-31859

Craft is a content management system (CMS). The fix for CVE-2025-35939 in craftcms/cms introduced a strip_tags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, strip_tags only removes HTML tags (angle brackets) -- it does not inspect or filter URL schemes...

CVSS 6.9 | EPSS 0.00041
Exploits: 0 | References: 1

OSV
added 2026/03/10 7:44 p.m. | Views: 1

CVE-2026-29113 Craft has a potential information disclosure vulnerability in preview tokens

Craft is a content management system (CMS). Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...

CVSS 2.3 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 4

Cvelist
added 2025/01/24 5:24 p.m. | Views: 24

CVE-2025-24585 WordPress Event post plugin <= 5.9.7 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows Stored XSS. This issue affects Event post: from n/a through <= 5.9.7...

CVSS 6.5 | EPSS 0.00347
Exploits: 0 | References: 1

CVE
added 2025/01/24 5:24 p.m. | Views: 43

CVE-2025-24585

CVE-2025-24585 is a stored XSS vulnerability in the WordPress plugin “Event post” (N.O.U.S. Open Useful and Simple Event post), affecting versions up to and including 5.9.7. The issue arises from improper neutralization of input during web page generation, allowing stored cross-site scripting. Pu...

CVSS 6.5 | AI score 7.2 | EPSS 0.00347
Exploits: 0 | References: 1

CNNVD
added 2025/01/24 12:0 a.m. | Views: 1

WordPress plugin Event post cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5 | AI score 7.9 | EPSS 0.00347
Exploits: 0 | References: 2

OpenVAS
added 2023/05/22 12:0 a.m. | Views: 8

WordPress Unspecified Vulnerability (May 2023) - Linux

WordPress is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...

AI score 7.3
Exploits: 0 | References: 1

OpenVAS
added 2023/05/22 12:0 a.m. | Views: 4

WordPress Unspecified Vulnerability (May 2023) - Windows

WordPress is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...

AI score 7.3
Exploits: 0 | References: 1

OpenVAS
added 2022/11/01 12:0 a.m. | Views: 24

strongSwan 4.x < 5.9.8 DoS Vulnerability

strongSwan is prone to a denial of service (DoS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

CVSS 7.5 | AI score 7.4 | EPSS 0.00222
Exploits: 0 | References: 1

NVD
added 2022/04/28 3:15 p.m. | Views: 17

CVE-2022-22782

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local...

CVSS 7.9 | EPSS 0.00126
Exploits: 0 | References: 1

CNVD
added 2017/12/04 12:0 a.m. | Views: 2

Haystack Arq for Mac 'setpermissions' function elevation of privilege vulnerability

Haystack Arq for Mac is a Mac-based file backup software from Haystack Software, USA. auto-updater is one of the auto-updater components. An elevation of privilege vulnerability exists in the 'setpermissions' function of auto-updater in versions of Haystack Arq for Mac prior to 5.9.7. A local...

CVSS 7.4 | AI score 7.1 | EPSS 0.00642
Exploits: 3 | References: 1