203 matches found
PT-2026-1697
Name of the Vulnerable Software and Affected Versions jwsthemes OchaHouse versions through 2.2.8 Description A flaw exists in the handling of file inclusion within jwsthemes OchaHouse, potentially allowing for PHP Local File Inclusion. The issue stems from improper control of filenames used in...
WordPress Bookory theme <= 2.2.7 - Local File Inclusion vulnerability
Software : Bookory Type : Theme Vulnerable versions : = 2.2.7 Fixed in : 2.2.8 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-68530 Patchstack priority : Low CVSS severity : 7.5 Required privilege : Contributor Developer : Claim ownership PSID : 314b30db47fa...
WordPress Enter Addons plugin <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown and Image Comparison Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Enter Addons versions = 2.2.7...
flowise (>=1.6.1 <=2.2.8), flowise-birat (>=1.0.0 <=1.2.5) +2 more potentially affected by unknown CVE via flowise-ui (>=1.8.4 <=2.2.8)
flowise-ui NPM version =1.8.4, =1.6.1, =1.0.0, =0.0.1, =0.0.2, =0.0.4 Source cves: unknown CVE Source advisory: OSV:GHSA-X39M-3393-3QP4...
WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Hotel Booking versions = 2.2.8...
WordPress Visual Link Preview plugin <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via visual-link-preview Shortcode vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Visual Link Preview versions = 2.2.7...
EUVD-2015-3672
Malware in sbrugna...
EUVD-2003-0025
Malware in sbrugna...
EUVD-2018-0655
Malware in sbrugna...
CVE-2025-9045
The Easy Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in versions less than, or equal to, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...
EUVD-2021-32731
Malicious code in bioql PyPI...
EUVD-2025-30488
Malicious code in bioql PyPI...
EUVD-2023-42900
Malicious code in bioql PyPI...
EUVD-2025-32287
Malicious code in bioql PyPI...
EUVD-2025-5435
Malicious code in bioql PyPI...
EUVD-2024-34095
Malicious code in bioql PyPI...
EUVD-2022-2600
Malicious code in bioql PyPI...
CVE-2025-9045
The CVE-2025-9045 entry describes a Stored Cross-Site Scripting (XSS) in the WordPress plugin Easy Elementor Addons (versions
CVE-2025-58973
CVE-2025-58973 is a PHP Remote File Inclusion/Local File Inclusion vulnerability in Easy Elementor Addons (WordPress plugin). The issue arises from improper control of the filename used in include/require, enabling Local File Inclusion. Affected versions are Easy Elementor Addons up to 2.2.8 (no ...
flowise (>=2.0.0 <=2.2.8) potentially affected by unknown CVE via flowise-components (=2.2.8)
flowise-components NPM version =2.2.8 is affected by a known vulnerability. The following packages have a transitive dependency on flowise-components and may be impacted: - flowise =2.0.0, =2.2.8 Source cves: unknown CVE Source advisory: SNYK:JS-FLOWISECOMPONENTS-12878598...