#cyber-security β Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cyber-security, aggregated by home.social.
-
Gay & Lesbian Community Services Center Reported Data Breach Affecting Approximately 75,532 Individuals
The Gay & Lesbian Community Services Center of Orange County reported a data breach affecting 75,532 individuals after unauthorized access to its network between December 25 and December 26, 2025. The Inc Ransom group claimed responsibility, and the exposed data may include personal and medical information. The organization is offering complimentary identity protection services.
****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/gay-lesbian-community-services-center-of-orange-county-discloses-data-breach-affecting-approximately-75532-individuals-z-q-o-0-j/gD2P6Ple2L -
Gay & Lesbian Community Services Center Reported Data Breach Affecting Approximately 75,532 Individuals
The Gay & Lesbian Community Services Center of Orange County reported a data breach affecting 75,532 individuals after unauthorized access to its network between December 25 and December 26, 2025. The Inc Ransom group claimed responsibility, and the exposed data may include personal and medical information. The organization is offering complimentary identity protection services.
****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/gay-lesbian-community-services-center-of-orange-county-discloses-data-breach-affecting-approximately-75532-individuals-z-q-o-0-j/gD2P6Ple2L -
π¨ EUVD-2026-43443
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Themify Builder
π’ Vendor: themifyme
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through <= 7.7.4.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43443
-
π¨ EUVD-2026-43443
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Themify Builder
π’ Vendor: themifyme
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through <= 7.7.4.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43443
-
π¨ EUVD-2026-43445
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: reCAPTCHA (v2 & v3) for Asgaros Forum
π’ Vendor: Hitesh Chandwani
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 & v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This ...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43445
-
π¨ EUVD-2026-43445
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: reCAPTCHA (v2 & v3) for Asgaros Forum
π’ Vendor: Hitesh Chandwani
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 & v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This ...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43445
-
π¨ EUVD-2026-43446
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Chatbot
π’ Vendor: QuantumCloud
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= 8.3.7.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43446
-
π¨ EUVD-2026-43446
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Chatbot
π’ Vendor: QuantumCloud
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= 8.3.7.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43446
-
π¨ EUVD-2026-43447
π Score: 8.8/10 (CVSS v3.1)
π¦ Product: WPJAM Basic
π’ Vendor: Denishua
π Updated: 2026-07-13π Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through <= 7.0.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43447
-
π¨ EUVD-2026-43447
π Score: 8.8/10 (CVSS v3.1)
π¦ Product: WPJAM Basic
π’ Vendor: Denishua
π Updated: 2026-07-13π Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through <= 7.0.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43447
-
π¨ EUVD-2026-43448
π Score: 7.2/10 (CVSS v3.1)
π¦ Product: WPJAM Basic
π’ Vendor: Denishua
π Updated: 2026-07-13π Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43448
-
π¨ EUVD-2026-43448
π Score: 7.2/10 (CVSS v3.1)
π¦ Product: WPJAM Basic
π’ Vendor: Denishua
π Updated: 2026-07-13π Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43448
-
π¨ EUVD-2026-43450
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Jobmonster
π’ Vendor: NooTheme
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.8.5.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43450
-
π¨ EUVD-2026-43451
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: Better Payment β Instant Payments, Donations, Fundraising with Subscriptions & More
π’ Vendor: WPDeveloper
π Updated: 2026-07-13π Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment β Instant Payments, Donations, Fundraising with Subscriptions & More better...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43451
-
π¨ EUVD-2026-43450
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Jobmonster
π’ Vendor: NooTheme
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.8.5.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43450
-
π¨ EUVD-2026-43451
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: Better Payment β Instant Payments, Donations, Fundraising with Subscriptions & More
π’ Vendor: WPDeveloper
π Updated: 2026-07-13π Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment β Instant Payments, Donations, Fundraising with Subscriptions & More better...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43451
-
π¨ EUVD-2026-43442
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: WowAddons
π’ Vendor: wpxpo
π Updated: 2026-07-13π Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through <= 1.6.8.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43442
-
π¨ EUVD-2026-43444
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: ElementInvader Addons for Elementor
π’ Vendor: Element Invader
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue ...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43444
-
π¨ EUVD-2026-43444
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: ElementInvader Addons for Elementor
π’ Vendor: Element Invader
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue ...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43444
-
π¨ EUVD-2026-43442
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: WowAddons
π’ Vendor: wpxpo
π Updated: 2026-07-13π Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through <= 1.6.8.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43442
-
π¨ EUVD-2026-43449
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: MStore API
π’ Vendor: FluxBuilder
π Updated: 2026-07-13π Missing Authorization vulnerability in FluxBuilder MStore API mstore-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MStore API: from n/a through <= 4.18.4.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43449
-
π¨ EUVD-2026-43449
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: MStore API
π’ Vendor: FluxBuilder
π Updated: 2026-07-13π Missing Authorization vulnerability in FluxBuilder MStore API mstore-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MStore API: from n/a through <= 4.18.4.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43449
-
π¨ EUVD-2026-43452
π Score: 7.5/10 (CVSS v3.1)
π¦ Product: Advanced Forms
π’ Vendor: Phil Kurth
π Updated: 2026-07-13π Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through <= 1.9.3.7.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43452
-
π¨ EUVD-2026-43452
π Score: 7.5/10 (CVSS v3.1)
π¦ Product: Advanced Forms
π’ Vendor: Phil Kurth
π Updated: 2026-07-13π Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through <= 1.9.3.7.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43452
-
π¨ EUVD-2026-43453
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Extensions for Leaflet Map
π’ Vendor: hupe13
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a thro...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43453
-
π¨ EUVD-2026-43453
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Extensions for Leaflet Map
π’ Vendor: hupe13
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a thro...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43453
-
π¨ EUVD-2026-43454
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: FormyChat
π’ Vendor: WPPOOL
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through <= 2.15.3.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43454
-
π¨ EUVD-2026-43454
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: FormyChat
π’ Vendor: WPPOOL
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through <= 2.15.3.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43454
-
π¨ EUVD-2026-43455
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: PropertyHive
π’ Vendor: Property Hive
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Reflected XSS.This issue affects PropertyHive: from n/a through <= 2.2.3.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43455
-
π¨ EUVD-2026-43456
π Score: 8.8/10 (CVSS v3.1)
π¦ Product: aBlocks
π’ Vendor: Kodezen LLC
π Updated: 2026-07-13π Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through < 2.9.1.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43456
-
π¨ EUVD-2026-43455
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: PropertyHive
π’ Vendor: Property Hive
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Reflected XSS.This issue affects PropertyHive: from n/a through <= 2.2.3.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43455
-
π¨ EUVD-2026-43456
π Score: 8.8/10 (CVSS v3.1)
π¦ Product: aBlocks
π’ Vendor: Kodezen LLC
π Updated: 2026-07-13π Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through < 2.9.1.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43456
-
π¨ EUVD-2026-43457
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Simple File List
π’ Vendor: Mitchell Bennis
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Reflected XSS.This issue affects Simple File List: from n/a through <= 6.3.8.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43457
-
π¨ EUVD-2026-43457
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Simple File List
π’ Vendor: Mitchell Bennis
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Reflected XSS.This issue affects Simple File List: from n/a through <= 6.3.8.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43457
-
π¨ EUVD-2026-43458
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: JobSearch
π’ Vendor: eyecix
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Stored XSS.This issue affects JobSearch: from n/a through <= 3.2.9.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43458
-
π¨ EUVD-2026-43458
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: JobSearch
π’ Vendor: eyecix
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Stored XSS.This issue affects JobSearch: from n/a through <= 3.2.9.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43458
-
π¨ EUVD-2026-43459
π Score: 8.5/10 (CVSS v3.1)
π¦ Product: Vitepos
π’ Vendor: appsbd
π Updated: 2026-07-13π Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through <= 3.4.2.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43459
-
π¨ EUVD-2026-43459
π Score: 8.5/10 (CVSS v3.1)
π¦ Product: Vitepos
π’ Vendor: appsbd
π Updated: 2026-07-13π Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through <= 3.4.2.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43459
-
π¨ EUVD-2026-43460
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: picu
π’ Vendor: picu
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in picu picu picu allows Stored XSS.This issue affects picu: from n/a through <= 3.5.1.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43460
-
π¨ EUVD-2026-43460
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: picu
π’ Vendor: picu
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in picu picu picu allows Stored XSS.This issue affects picu: from n/a through <= 3.5.1.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43460
-
π¨ EUVD-2026-43461
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Hydra Booking
π’ Vendor: Themefic
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.44.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43461
-
π¨ EUVD-2026-43461
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Hydra Booking
π’ Vendor: Themefic
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.44.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43461
-
π¨ EUVD-2026-43462
π Score: 8.6/10 (CVSS v3.1)
π¦ Product: Groundhogg
π’ Vendor: Adrian Tobey
π Updated: 2026-07-13π Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Adrian Tobey Groundhogg groundhogg allows Path Traversal.This issue affects Groundhogg: from n/a through <= 4.4.1.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43462
-
π¨ EUVD-2026-43462
π Score: 8.6/10 (CVSS v3.1)
π¦ Product: Groundhogg
π’ Vendor: Adrian Tobey
π Updated: 2026-07-13π Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Adrian Tobey Groundhogg groundhogg allows Path Traversal.This issue affects Groundhogg: from n/a through <= 4.4.1.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43462
-
π¨ EUVD-2026-43463
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: Extra Product Options Builder for WooCommerce
π’ Vendor: edgarrojas
π Updated: 2026-07-13π Missing Authorization vulnerability in EDGARROJAS Extra Product Options Builder for WooCommerce additional-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This is...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43463
-
π¨ EUVD-2026-43463
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: Extra Product Options Builder for WooCommerce
π’ Vendor: edgarrojas
π Updated: 2026-07-13π Missing Authorization vulnerability in EDGARROJAS Extra Product Options Builder for WooCommerce additional-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This is...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43463
-
π¨ EUVD-2026-43464
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: Loops & Logic
π’ Vendor: Tangible
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through <= 4.2.3.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43464
-
π¨ EUVD-2026-43464
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: Loops & Logic
π’ Vendor: Tangible
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through <= 4.2.3.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43464
-
π¨ EUVD-2026-43465
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: Tourfic
π’ Vendor: Themefic
π Updated: 2026-07-13π Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.22.5.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43465
-
π¨ EUVD-2026-43465
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: Tourfic
π’ Vendor: Themefic
π Updated: 2026-07-13π Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.22.5.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43465
-
π¨ EUVD-2026-43466
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Newsletters
π’ Vendor: Tribulant Software
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.14.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43466
-
π¨ EUVD-2026-43466
π Score: 7.1/10 (CVSS v3.1)
π¦ Product: Newsletters
π’ Vendor: Tribulant Software
π Updated: 2026-07-13π Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.14.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43466
-
π¨ EUVD-2026-43467
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: WooCommerce PDF Invoice Builder
π’ Vendor: edgarrojas
π Updated: 2026-07-13π Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce P...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43467
-
π¨ EUVD-2026-43467
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: WooCommerce PDF Invoice Builder
π’ Vendor: edgarrojas
π Updated: 2026-07-13π Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce P...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43467
-
π¨ EUVD-2026-43496
π Score: 9.3/10 (CVSS v3.1)
π¦ Product: Flamingo
π’ Vendor: VITEC
π Updated: 2026-07-13π Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/ping.php endpoint that allows remote attackers to execute arbitrary commands by exploiting a double-evaluation flaw in shell argument handling. The endpoint...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43496
-
π¨ EUVD-2026-43496
π Score: 9.3/10 (CVSS v3.1)
π¦ Product: Flamingo
π’ Vendor: VITEC
π Updated: 2026-07-13π Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/ping.php endpoint that allows remote attackers to execute arbitrary commands by exploiting a double-evaluation flaw in shell argument handling. The endpoint...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43496
-
π¨ EUVD-2026-43497
π Score: 9.3/10 (CVSS v3.1)
π¦ Product: Flamingo
π’ Vendor: VITEC
π Updated: 2026-07-13π Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gen_graphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key,...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43497
-
π¨ EUVD-2026-43497
π Score: 9.3/10 (CVSS v3.1)
π¦ Product: Flamingo
π’ Vendor: VITEC
π Updated: 2026-07-13π Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gen_graphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key,...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-43497