CVE-2026-15297: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in neeraj_slit Brevo – Email, SMS, Web Push, Chat, and more.
The Brevo WordPress plugin (formerly Sendinblue) for newsletter and email marketing is vulnerable to reflected cross-site scripting (XSS) via the page parameter in all versions up to and including…
Read the full articleYou might also wanna read

CVE-2025-14773: Cross-Site Scripting Vulnerability in ABB T-MAC Plus (Version 4.0-24)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-M

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

WAF - WAF Release - 2025-07-14
This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambig

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

Comments
Sign in to join the conversation.
No comments yet. Be the first.