6921 matches found
Advanced Text Widget < 2.0.2 - Cross-Site Scripting
A cross-site scripting XSS vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2011-4618 info: name: Advanced Text Widget 2.0.2 - Cross-Site Scripting author:...
PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. id: CVE-2023-40752 info: name: PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site...
PHPJabbers Callback Widget v1.0 - Cross-Site Scripting
There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. id: CVE-2023-40755 info: name: PHPJabbers Callback Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site Scripting...
Wordpress Polls Widget < 1.5.3 - SQL Injection
The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks id: CVE-2021-24442 inf...
MAL-2026-6231 Malicious code in improvado-layout-panel-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61cc6b0b5d5efe4675f4159e8bc8f6380970614c1dc36b553207fa73fa66104e The package's top-level fluentpanelmetrics/init.py defines bootstrapruntimeprofile and unconditionally invokes it at import. The function opens a TCP...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fixed the potential null pointer dereferencing issue. It is possible that the topology parsing function audioreachwidgetloadmodulecommon might return NULL or an error pointer. A NULL check should be added ...
CVE-2026-8118 Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...
CVE-2026-8118
The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...
Malicious code in fluent-panel-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95598f66d3e0a4ecbfe9dcd01c1d5f0be9b78bee23b200758a92dac8f8a00d9e fluentpanelmetrics/init.py defines bootstrapruntimeprofile and invokes it unconditionally at module load. The function opens a TCP socket to the...
MAL-2026-6182 Malicious code in fluent-panel-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95598f66d3e0a4ecbfe9dcd01c1d5f0be9b78bee23b200758a92dac8f8a00d9e fluentpanelmetrics/init.py defines bootstrapruntimeprofile and invokes it unconditionally at module load. The function opens a TCP socket to the...
EUVD-2026-37626
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...
CVE-2026-52698
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...
CVE-2024-35690
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component...
CVE-2026-52698
The CVE concerns the WordPress PushEngage plugin (versions
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component...
UBUNTU-CVE-2026-12322
Clickjacking issue in the Widget: Gtk component. This vulnerability wa...
CVE-2026-12322
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component...