4.8
CVE-2026-2678 - Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.
4.8
CVE-2026-2677 - Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.
7.6
CVE-2025-14343 - Reflected XSS in Dokuzsoft Technology's E-Commerce Product
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025.
8.6
CVE-2026-1198 - SQL Injection in SIMPLE.ERP
SIMPLE.ERP is vulnerable to SQL Injection in the search functionality of the "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query that will be executed against the database. This issue was fixed in [email protected]_u06.
7.3
CVE-2025-64999 - Cross-site scripting in HTML logs of Synthetic Monitoring test services
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link.
7.2
CVE-2026-28138 - WordPress uListing plugin <= 2.2.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection. This issue affects uListing: from n/a through <= 2.2.0.
7.6
CVE-2026-28136 - WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection. This issue affects WP SMS: from n/a through <= 6.9.12.
5.3
CVE-2026-28132 - WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection. This issue affects WooCommerce Photo Reviews: from n/a through <= 1.4.4.
6.5
CVE-2026-28131 - WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data. This issue affects Elementor Addon Elements: from n/a through <= 1.14.4.
6.5
CVE-2026-28083 - WordPress Flatsome theme <= 3.20.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS. This issue affects Flatsome: from n/a through <= 3.20.5.