30 matches found
CVE-2026-6216
DbGate (up to version 7.1.4) contains a cross-site scripting vulnerability in the SVG Icon String Handler, specifically in the file packages/web/src/icons/FontIcon.svelte. The vulnerability arises from manipulation of the argument applicationIcon within the FontIcon component, allowing an attacke...
CVE-2026-34725
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
CVE-2026-34725 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
EUVD-2026-18472
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
EUVD-2020-27046
Malware in sbrugna...
EUVD-2024-33734
Malicious code in bioql PyPI...
CVE-2025-26847
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked...
WordPress plugin Total processing card payments for WooCommerce path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A path traversal vulnerability exists in th...
CVE-2024-11036
The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressgetuserearnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing...
CVE-2023-36667
Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal...
PT-2023-27780 · Ember · Ember Znet
Name of the Vulnerable Software and Affected Versions: Ember ZNet versions 7.1.3 through 7.1.5 Ember ZNet versions 7.2.0 through 7.2.3 Description: The issue is related to TouchLink packets being processed after a timeout or out of range due to Operation on a Resource after Expiration and Missing...
PT-2023-19357 · Unknown · Theonlinehero - Tom Skroza Admin Block Country
Name of the Vulnerable Software and Affected Versions: TheOnlineHero - Tom Skroza Admin Block Country plugin versions prior to 7.1.5 Description: A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions o...
Hundredrabbits Left cross-site scripting vulnerability
Hundredrabbits Left is a non-intrusive plain text editor from Hundredrabbits. A cross-site scripting (XSS) vulnerability exists in Hundredrabbits Left version 7.1.5 that allows an attacker to execute arbitrary code via meta tags...
Hundredrabbits Left cross-site scripting vulnerability
Hundredrabbits Left is a non-intrusive plain text editor from Hundredrabbits. A cross-site scripting (XSS) vulnerability exists in Hundredrabbits Left version 7.1.5 that allows an attacker to execute arbitrary code via filename...
PT-2023-14705 · Hundredrabbits · Hundredrabbits Left
Name of the Vulnerable Software and Affected Versions: Hundredrabbits Left version 7.1.5 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary code via file names. Recommendations: For version 7.1.5, update to a newer version that contains a fix for this issue...
Vulnerabilities fixed in Mattermost
Unspecified vulnerabilities have been fixed in Mattermost. Mattermost has not released any substantive information, but estimates the severity of the vulnerabilities as MEDIUM. The grading of this security advisory is set accordingly. Mattermost indicates in accordance with their...
Security update for grafana (moderate)
openSUSE Security Update: Security update for grafana Announcement ID: openSUSE-SU-2020:1646-1 Rating: moderate References: 1170557 Cross-References: CVE-2020-12245 CVE-2020-13379 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes two vulnerabilities is now available...