Lucene search

7 matches found

Vulnrichment
added 2026/05/04 5:44 p.m. · 2 views

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

CVSS 5.3 · AI score 5.7 · EPSS 0.00194
Exploits: 0 · References: 2
EUVD
added 2026/03/05 6:30 a.m. · 3 views

EUVD-2025-208308

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS. This issue affects Theater for WordPress: from n/a through = 0.19...

AI score 5.9 · EPSS 0.00211
Exploits: 0 · References: 2
Positive Technologies
added 2026/03/05 12:0 a.m. · 4 views

PT-2026-23147

Name of the Vulnerable Software and Affected Versions: Theater for WordPress versions prior to 0.19 Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks...

AI score 5.8 · EPSS 0.00211
Exploits: 0 · References: 3
NVD
added 2026/01/06 5:15 p.m. · 14 views

CVE-2025-69331

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through <= 0.19...

CVSS 4.3 · EPSS 0.00152
Exploits: 0 · References: 1
Vulnrichment
added 2026/01/06 4:36 p.m. · 5 views

CVE-2025-69331 WordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through <= 0.19...

AI score 6.6 · EPSS 0.00152
Exploits: 0 · References: 1
RedhatCVE
added 2025/03/22 12:26 p.m. · 6 views

CVE-2024-12215

In kedro-org/kedro version 0.19.8, the pull_package API function allows users to download and extract micro packages from the Internet. However, the function project_wheel_metadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution (RCE) by running...

CVSS 8.8 · AI score 8.3 · EPSS 0.00918
Exploits: 0 · References: 1
Positive Technologies
added 2024/09/13 12:0 a.m. · 3 views

PT-2024-39261 · WordPress · Wp Booking System – Booking Calendar

Name of the Vulnerable Software and Affected Versions: The WP Booking System – Booking Calendar plugin for WordPress versions up to, and including, 2.0.19.8 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate...

CVSS 6.1 · AI score 6.5 · EPSS 0.00463
Exploits: 0 · References: 9