38 matches found
UBUNTU-CVE-2026-48845
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...
PT-2026-43111
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.6.x through 1.6.15; Roundcube Webmail versions 1.7.x prior to 1.7. Description: Insufficient HTML sanitization allows for Cascading Style Sheets (CSS) injection. This occurs when an SVG document contains an animate...
GHSA-3446-6MGW-F79P Grav is Vulnerable to XXE via SVG Upload
Dear Grav Security Team, A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity (XXE) injection. Vulnerability Summary | Field | Details | |-------|---------| | Vulnerability Type | XML External...
WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WPBITS Addons For Elementor Page Builder versions <= 1.7...
WordPress Quran Translations plugin <= 1.7 - Cross-Site Request Forgery to Playlist Settings Form vulnerability
Cross-Site Request Forgery to Playlist Settings Form vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Quran Translations versions <= 1.7...
WordPress plugin Quran Translations Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Grav CMS Security Vulnerability
Grav CMS is an open-source file-based content management system developed by Grav. Versions of Grav CMS such as v1.7.x and earlier contained security vulnerabilities, which were caused by XML external entity injections in the SVG file upload feature...
WordPress plugin Review Map by RevuKangaroo Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Evently Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-22400
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Holmes: from n/a through = 1.7...
WordPress Reuse Builder plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Reuse Builder versions <= 1.7...
CVE-2025-49960
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leadbi LeadBI Plugin for WordPress leadbi allows Stored XSS. This issue affects LeadBI Plugin for WordPress: from n/a through <= 1.7...
PT-2025-43221
Name of the Vulnerable Software and Affected Versions: LeadBI Plugin for WordPress versions through 1.7. Description: The LeadBI Plugin for WordPress contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that...
EUVD-2023-41820
Malicious code in bioql PyPI...
Cursor Security Vulnerability
Cursor is an AI code editor from Cursor Open Source. A security vulnerability exists in Cursor 1.7 and earlier versions that stems from inadequate protection of sensitive files and could lead to remote code execution...
WordPress plugin Spare Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A code issue vulnerability exists in...
WordPress Spare theme <= 1.7 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Spare versions <= 1.7...
AiDex Security Vulnerability
AiDex is an artificial intelligence chatbot from AiDex. A security vulnerability exists in Aidex versions prior to 1.7, which stems from improper handling of the content parameter in the /api//message endpoint, which could lead to credential disclosure and sensitive information leakage...
PT-2024-35182 · Unknown · Os Our Team
Name of the Vulnerable Software and Affected Versions: OS Our Team versions 1.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). Specifically, it allows for Stored XSS, which means malicious scrip...
PT-2024-24656 · WordPress · Wp Tradingview
Name of the Vulnerable Software and Affected Versions: WP TradingView versions 1.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For WP...