2018 matches found
WordPress SiteOrigin Widgets Bundle plugin <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via data-url DOM Element Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin SiteOrigin Widgets Bundle versions <= 1.68.5...
Malicious code in widgets-networkupdatetool (npm)
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: ipc4-topology: Strengthening the loops for querying ALH copiers. Other non-DAI copier widgets may have the same stream name (sname) as the ALH copier. In that case, copier-data will be NULL, and no alhdata will be...
CVE-2025-49185
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source...
CVE-2025-49191
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to...
CVE-2025-49191
CVE-2025-49191 describes code execution via linked URLs embedded when creating iFrame widgets and dashboards. The vulnerability affects dashboards/iFrame widget creation where attacker-supplied URLs are embedded, enabling code execution when other users load the affected dashboard. Exploitation r...
CVE-2025-49185 Stored Cross-Site-Script
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source...
CVE-2025-49185
CVE-2025-49185 is a stored cross-site scripting vulnerability affecting SICK Field Analytics and SICK Media Server. The issue arises in dashboard widgets: an attacker who can create new widgets can inject malicious JavaScript into the Transform Function, which executes when the widget processes d...
SICK Field Analytics and SICK Media Server cross-site scripting vulnerability
SICK Field Analytics and SICK Media Server are both products of the German company SICK. SICK Field Analytics is software for evaluating manufacturing data. SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from the...
CVE-2025-2918
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-2918 Ultimate Blocks – WordPress Blocks Plugin <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-46526
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in janekniefeldt My Custom Widgets mycustomwidget allows Reflected XSS. This issue affects My Custom Widgets: from n/a through <= 2.0.5...
CVE-2025-46526 WordPress My Custom Widgets plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in janekniefeldt My Custom Widgets mycustomwidget allows Reflected XSS. This issue affects My Custom Widgets: from n/a through <= 2.0.5...
CVE-2025-46526
CVE-2025-46526: WordPress plugin My Custom Widgets (
CVE-2025-22806
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets allows DOM-Based XSS. This issue affects Black Widgets For Elementor: from n/a through <= 1.3.8...
CVE-2024-47771
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...