CVE-2026-15301: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in digiblogger BuddyHolis TableSearch
The BuddyHolis TableSearch plugin for WordPress contains a stored cross-site scripting (XSS) vulnerability in the 'placeholder' parameter in all versions up to and including 1.1.0. Authenticated…
Read the full articleYou might also wanna read

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

CVE-2025-14773: Cross-Site Scripting Vulnerability in ABB T-MAC Plus (Version 4.0-24)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-M

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

WAF - WAF Release - 2025-07-14
This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambig

WAF - WAF Release - 2026-05-04
This week's release focuses on new detections to expand coverage across command injection, SQL injection, PHP object injection, remote code
CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1
## Vulnerability Summary **Product**: Notepad++ v8.9.6.1 (latest patched version) **Type**: CWE-42 (Path Traversal) / CWE-59 (Improper Link

Comments
Sign in to join the conversation.
No comments yet. Be the first.