
262 matches found

Cvelist
added 3 days ago, 32 views

CVE-2025-68886 WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8...

CVSS 8.1, EPSS 0.00115
Exploits 0, References 1
CVE
added 3 days ago, 5 views

CVE-2025-68886

CVE-2025-68886 is a WordPress Cookiteer theme vulnerable to Local File Inclusion (LFI) due to improper filename handling in PHP Include/Require. Affected: Cookiteer versions up to 1.4.8. The vulnerability is classified as high risk (CVSS v3.1 base score 8.1; Attack Vector: Network; Impact: Confid...

CVSS 8.1, AI score 5.8, EPSS 0.00115
Exploits 0, References 1
EUVD
added 3 days ago, 4 views

EUVD-2025-210042

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8...

CVSS 8.1, AI score 5.8, EPSS 0.00115
Exploits 0, References 1
Vulnrichment
added 3 days ago, 6 views

CVE-2025-68886 WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8...

CVSS 8.1, AI score 5.8, EPSS 0.00115
Exploits 0, References 1
vulnersOsv
added 2026/05/19 12:0 a.m., 8 views

@luo-luo/material (>=0.0.1 <=0.0.5-alpha), @yccw/common (>=0.5.85-1 <=2.0.64) +4 more potentially affected by unknown CVE via @antv/g6-react-node (>=1.4.4 <=1.4.8)

@antv/g6-react-node NPM version =1.4.4, =0.0.1, =0.5.85-1, =1.3.0, =1.5.0 - yccw-common =0.5.85 - zzcom =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3995...

AI score 5.8
Exploits 0
Fedora
added 2026/04/24 1:6 a.m., 4 views

[SECURITY] Fedora 42 Update: flatpak-builder-1.4.8-1.fc42

Flatpak-builder is a tool for building flatpaks from sources. See https://flatpak.org/ for more information...

CVSS 7.1, AI score 5.2, EPSS 0.00035
Exploits 1
OSV
added 2026/04/09 8:16 p.m., 2 views

DEBIAN-CVE-2026-39977

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using g_file_resolve_relative_path and...

CVSS 6.3, AI score 5.5, EPSS 0.00035
Exploits 1, References 1
UbuntuCve
added 2026/04/09 8:16 p.m., 3 views

CVE-2026-39977

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using g_file_resolve_relative_path and...

CVSS 7.1, AI score 5.8, EPSS 0.00035
Exploits 1, References 2
OSV
added 2026/04/09 8:16 p.m., 3 views

UBUNTU-CVE-2026-39977

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using g_file_resolve_relative_path and...

CVSS 7.1, AI score 5.9, EPSS 0.00035
Exploits 1, References 3
EUVD
added 2026/04/09 7:5 p.m., 2 views

EUVD-2026-21045

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using g_file_resolve_relative_path and...

CVSS 7.1, AI score 6, EPSS 0.00035
Exploits 1, References 1
Cvelist
added 2026/04/09 7:5 p.m., 17 views

CVE-2026-39977 flatpak-builder has a path traversal leading to arbitrary file read on host when installing licence files

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using g_file_resolve_relative_path and...

CVSS 7.1, EPSS 0.00035
Exploits 1, References 1
CVE
added 2026/04/09 7:5 p.m., 6 views

CVE-2026-39977

The CVE concerns flatpak-builder (versions 1.4.5–1.4.7) where the license-files manifest key accepts an array of paths relative to the module source. Paths are validated using two checks, but the final path component and symlink handling can allow path traversal. The copy operation runs on the ho...

CVSS 7.1, AI score 6, EPSS 0.00035
Exploits 1, References 1, Affected Software 1
CNNVD
added 2026/04/09 12:0 a.m., 3 views

flatpak-builder path traversal vulnerability

flatpak-builder is an Open Source Flatpak application build tool developed by Flatpak. Versions of flatpak-builder from 1.4.5 to 1.4.8 had a path traversal vulnerability. This vulnerability stemmed from insufficient path parsing and validation of the keys in the license-files list, which could...

CVSS 7.1, AI score 5.9, EPSS 0.00035
Exploits 1, References 1
Positive Technologies
added 2026/04/09 12:0 a.m., 2 views

PT-2026-31705

Name of the Vulnerable Software and Affected Versions: flatpak-builder versions 1.4.5 through 1.4.7. Description: flatpak-builder, a tool for building flatpaks from source, contains a flaw where the 'license-files' manifest key can be exploited to read arbitrary files from the host system and includ...

CVSS 7.1, AI score 5.8, EPSS 0.00035
Exploits 1, References 10
NVD
added 2026/04/08 9:16 a.m., 2 views

CVE-2026-39626

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection. This issue affects Armania: from n/a through <= 1.4.8...

CVSS 5.3, EPSS 0.00056
Exploits 0, References 1
Cvelist
added 2026/04/08 8:30 a.m., 17 views

CVE-2026-39626 WordPress Armania theme <= 1.4.8 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection. This issue affects Armania: from n/a through <= 1.4.8...

CVSS 5.3, EPSS 0.00056
Exploits 0, References 1
CVE
added 2026/04/08 8:30 a.m., 2 views

CVE-2026-39626

CVE-2026-39626 concerns the WordPress kutethemes Armania theme (

CVSS 5.3, AI score 5.9, EPSS 0.00056
Exploits 0, References 1
CNNVD
added 2026/04/08 12:0 a.m., 3 views

WordPress plugin Armania security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3, AI score 5.9, EPSS 0.00056
Exploits 0, References 1
OSV
added 2026/04/01 10:1 a.m., 4 views

CLEANSTART-2026-TM31143 Security fixes for CVE-2025-47911, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142 applied in versions: 1.4.10-r0, 1.4.13-r0, 1.4.14-r0, 1.4.8-r0

Multiple security vulnerabilities affect the stakater-reloader package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5, AI score 6.9, EPSS 0.00044
Exploits 3, References 33
OSV
added 2026/03/26 8:33 p.m., 1 view

GO-2026-4861 Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra

Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

CVSS 6.1, AI score 5.9, EPSS 0.00323
Exploits 1, References 7