openwebui-token-tracking (>=0.1.7 <=0.1.10), sillikalm (>=0.1.0 <=0.1.5) potentially affected by CVE-2026-44561 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44561 Source advisory: SNYK:PYTHON-OPENWEBUI-16599161...

openwebui-token-tracking (>=0.1.7 <=0.1.10), sillikalm (>=0.1.0 <=0.1.5) potentially affected by CVE-2026-44557 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44557 Source advisory: SNYK:PYTHON-OPENWEBUI-16599154...

Astra Linux - уязвимость в libssh

A flaw was discovered in the libssh API function sshscpnew, in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a path provided by the user, is executed on the server side. If the library is used in a way that allows user...

CLEANSTART-2026-RD21654 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3 applied in versions: 0.8.4-r0, 0.8.8-r0

Multiple security vulnerabilities affect the k8ssandra-client-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2025-67927

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through = 0.8.8...

CVE-2025-67927 WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through = 0.8.8...

CVE-2025-67927 WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through = 0.8.8...

WordPress plugin Link Whisper Free 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Link Whisper Free plugin <= 0.8.8 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin Link Whisper Free versions = 0.8.8...

CVE-2025-11263

The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the type parameter in all versions up to, and including, 0.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

EUVD-2025-201509

The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the type parameter in all versions up to, and including, 0.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-11263

CVE-2025-11263 is a reflected Cross-Site Scripting vulnerability in the WordPress plugin Link Whisper Free (versions up to and including 0.8.8). The issue arises from insufficient input sanitization and output escaping in the type parameter, allowing unauthenticated attackers to inject scripts in...

PT-2025-49324

The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the type parameter in all versions up to, and including, 0.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-62970

Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through = 0.9.2...

Fedora: Security Advisory (FEDORA-2025-8628ba80b1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2025-35975

Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through = 0.8.8...

CVE-2025-62970

CVE-2025-62970 concerns a Missing Authorization vulnerability in the WordPress plugin Link Whisper Free . Multiple sources (NVD, Red Hat, EUVD, CIRCL, CVE lists, Patchstack) describe it as exploitable via an incorrectly configured access control on the Link Whisper Free plugin (versions up to at ...

CVE-2025-62970 WordPress Link Whisper Free plugin <= 0.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through = 0.9.2...

WordPress plugin Link Whisper Free security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

CVE-2025-58051

CVE-2025-58051 affects Nextcloud Tables. Prior to versions 0.7.6, 0.8.8, and 0.9.5, the app allowed a user importing a table to specify server files; if the file format is supported by PhpSpreadsheet, the file content could be leaked to the user via path traversal. This is a server-side disclosur...