CVE-2025-10192
The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wppe_effect’ shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping...
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and...
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the custom_actions() function not properly validating a user’s identity prior to...
The installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the same directory. More information: https://content.connect.panasonic.com/jp-ja/fai/file/66248
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B – Netsis Panel allows SQL Injection. This issue affects B2B – Netsis Panel:...
Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An...
Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting (XSS) via the mail template settings. Once a malicious payload is saved, any...
Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the “Twitter” feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a “Twitter” message...
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained...
Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. More information...
Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. More information...
Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. More information...
Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. More information...
The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be...