CVE-2026-0626

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfoptinform' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of th...

CVE-2026-0626 WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfoptinform' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of th...

CVE-2025-23933

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpfreeware WpF Ultimate Carousel wpf-ultimate-carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through = 1.0.11...

EUVD-2014-9640

Malware in sbrugna...

EUVD-2024-49084

Malicious code in bioql PyPI...

EUVD-2024-48473

Malicious code in bioql PyPI...

EUVD-2024-32863

Malicious code in bioql PyPI...

EUVD-2024-48474

Malicious code in bioql PyPI...

EUVD-2024-33556

Malicious code in bioql PyPI...

EUVD-2025-10017

Malicious code in bioql PyPI...

EUVD-2025-3548

Malicious code in bioql PyPI...

April 8, 2025-KB5055170 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016

April 8, 2025-KB5055170 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016 Release Date: April 8, 2025 Version: .NET Framework 4.8 The April 8, 2025 update for Windows 10, version 1607 and Windows Server 2016 includes security and cumulative reliability...

CVE-2025-31488 Plain Craft Launcher's custom homepage can use Internet Explorer to load web pages with the help of controls such as WebBrowser

Plain Craft Launcher PCL is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE...

Enabling WPF Rendering for Citrix HDX on Multi-Session VDAs

Overview Windows Presentation Foundation WPF applications can leverage GPU acceleration in Citrix Virtual Apps and Desktops CVAD environments running Windows Multi-session OS. By enabling WPF rendering on the server’s GPU, this reduces CPU load and improves graphics performance for WPF...

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code...

Improper Isolation or Compartmentalization

Overview CefSharp.Wpf is a the CefSharp Chromium-based browser component WPF control. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a...

CVE-2024-7576

In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a code execution attack is possible through an insecure deserialization vulnerability...

CVE-2024-7575

In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a command injection attack is possible through improper neutralization of hyperlink elements...

CVE-2024-10095

In Progress Telerik UI for WPF versions prior to 2024 Q4 2024.4.1213, a code execution attack is possible through an insecure deserialization vulnerability...

CVE-2024-10012

In Progress Telerik UI for WPF versions prior to 2024 Q4 2024.4.1111, a code execution attack is possible through an insecure deserialization vulnerability...