42 matches found
openSUSE 16 Security Update : libsodium (openSUSE-SU-2026:20642-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20642-1 advisory. Security fixes: - CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation (bsc1256070). - CVE-2025-69277: incorrect...
Security update for libsodium (moderate)
openSUSE security update: security update for libsodium. Announcement ID: openSUSE-SU-2026:20642-1; Rating: moderate; References: bsc1255764 bsc1256070; Cross-References: CVE-2025-15444 CVE-2025-69277; CVSS scores: CVE-2025-15444 SUSE : 6.8...
SUSE-SU-2026:21422-1 Security update for libsodium
This update for libsodium fixes the following issues: Security fixes: - CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation (bsc1256070). - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to...
OPENSUSE-SU-2026:10022-1 libsodium-devel-1.0.21-1.1 on GA media
These are all security issues fixed in the libsodium-devel-1.0.21-1.1 package on the GA media of openSUSE Tumbleweed...
Slackware Linux 15.0 / current libsodium Vulnerability (SSA:2026-006-01)
The version of libsodium installed on the remote host is prior to 1.0.18 / 1.0.21. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-006-01 advisory. New libsodium packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the...
WordPress JetWidgets For Elementor plugin <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability discovered by zer0gh0st in WordPress Plugin JetWidgets For Elementor versions <= 1.0.20...
WordPress Thumbnail Slider With Lightbox plugin <= 1.0.21 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Thumbnail Slider With Lightbox versions <= 1.0.21...
EUVD-2024-49388
Malicious code in bioql PyPI...
EUVD-2024-35075
Malicious code in bioql PyPI...
CVE-2025-54710
Summary of CVE-2025-54710 (WordPress Tiktok Feed plugin) : A Missing Authorization / broken access control vulnerability affects the WordPress plugin “Tiktok Feed” (versions up to and including 1.0.21). The issue enables an attacker to access functionality that is not properly constrained by ACLs...
CVE-2025-54710 WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability
Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through <= 1.0.21...
WordPress plugin Tiktok Feed security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-35068
Name of the Vulnerable Software and Affected Versions: bPlugins Tiktok Feed versions through 1.0.21. Description: A missing authorization flaw exists in bPlugins Tiktok Feed, allowing access to functionality not properly constrained by Access Control Lists (ACLs). Recommendations: Update bPlugins...
WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Tiktok Feed versions <= 1.0.21...
CVE-2024-0969
The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content...
CVE-2024-34809
Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP. This issue affects EmpowerWP: from n/a through 1.0.21...
PT-2024-36136 · Seerox · Seerox Easy Blocks Pro
Name of the Vulnerable Software and Affected Versions: Seerox Easy Blocks pro versions 1.0.0 through 1.0.21. Description: The issue is related to missing authorization, allowing access to functionality not properly constrained by Access Control Lists (ACLs). This means that certain features or...
WordPress Easy Blocks pro plugin <= 1.0.21 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Khalid Yusuf (Patchstack Alliance) in WordPress Plugin Easy Blocks pro versions <= 1.0.21...
WordPress Ortto Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)
Software: Ortto; Type: Plugin; Vulnerable versions: <= 1.0.19; Fixed in: 1.0.21; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52482; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 4b5d486dfe4b; Credits: Le Ngoc Anh; Required privilege...
PT-2024-27543 · Arraytics · Arraytics Timetics
Name of the Vulnerable Software and Affected Versions: Arraytics Timetics versions 1.0.0 through 1.0.21. Description: The issue is related to a Missing Authorization vulnerability in Arraytics Timetics, allowing exploitation of incorrectly configured access control security levels. Recommendations...