| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the `wp-graphql/wp-graphql` repository contains a GitHub Actions workflow (`release.yml`) vulnerable to OS command injection through direct use of `${{ github.event.pull_request.body }}` inside a `run:` shell block. When a pull request from `develop` to `master` is merged, the PR body is injected verbatim into a shell command, allowing arbitrary command execution on the Actions runner. Version 2.9.1 contains a fix for the vulnerability. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bouzid Nazim Zitouni TagGator taggator allows Reflected XSS.This issue affects TagGator: from n/a through <= 1.54. |
| A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series. |
| Cross-Site Request Forgery (CSRF) vulnerability in elmervillanueva Bet sport Free bet-sport-free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through <= 1.0.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma | Font Awesome surbma-font-awesome allows DOM-Based XSS.This issue affects Surbma | Font Awesome: from n/a through <= 3.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS.This issue affects Flaming Forms: from n/a through <= 1.0.1. |
| The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure session management implementation and weak CORS policies weakness. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the application’s language model. |
| Cross-Site Request Forgery (CSRF) vulnerability in meloniq AppMaps appmaps allows Stored XSS.This issue affects AppMaps: from n/a through <= 1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joan Boluda Embed documents shortcode embed-documents-shortcode allows Stored XSS.This issue affects Embed documents shortcode: from n/a through <= 1.5. |
| Cross-Site Request Forgery (CSRF) vulnerability in a328496647 CK and SyntaxHighlighter ck-and-syntaxhighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through <= 3.4.2. |
| A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build
2026.02.06 (commit d0f97fd9). |
| Cross-Site Request Forgery (CSRF) vulnerability in eagerterrier SOPA Blackout sopa-blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through <= 1.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Product Carousel ect-product-carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through <= 1.9. |
| Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Novikov Metrika metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through <= 1.2. |
| A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. Affected is an unknown function of the file /wireless/basic.asp of the component Wireless Basic Settings Page. The manipulation of the argument Network Name leads to cross site scripting. It is possible to launch the attack remotely. |
| Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing social-media-sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through <= 1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0. |
| The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack. |
| ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose the super user password and gain additional privileged functionalities. |
| Cross-Site Request Forgery (CSRF) vulnerability in milordk Jet Footer Code jet-footer-code allows Stored XSS.This issue affects Jet Footer Code: from n/a through <= 1.4. |
