CVE-2026-31986 Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5ire 跨站脚本漏洞

5ire is a cross-platform desktop AI assistant from the individual developer Ironben. A cross-site scripting vulnerability exists in 5ire version 0.13.2, which stems from content injection in the chat page script widget...

CVE-2025-8874 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox

The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input sanitization and output...

CVE-2020-26285 Widget instances allows a hacker to inject an executable file on the server on OpenMage

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an...

Open-Xchange: [XSS] Portal Widget Mail

Hi. No filter for Mail in Widget F244689 Steps - 1. Compose New mail html or plain: F244687 2. Add to Portal this mail F244688 3. Sometimes payload run after Add. If not then go to Portal. OX update the data every 10min and this script will run every 10min in any section. That is, as Crontab. :...