OPENSUSE-SU-2026:10831-1 flux2-cli-2.8.8-1.1 on GA media

These are all security issues fixed in the flux2-cli-2.8.8-1.1 package on the GA media of openSUSE Tumbleweed...

Arbitrary File Upload

Overview github.com/flipped-aurora/gin-vue-admin/server/utils is a Vue-based admin system Affected versions of this package are vulnerable to Arbitrary File Upload via the MakeFile function in the breakpoint resume upload process. An attacker can write arbitrary files to any directory by supplyin...

PT-2026-2304

Name of the Vulnerable Software and Affected Versions Gin-vue-admin versions prior to 2.8.8 Description Gin-vue-admin, a backstage management system based on vue and gin, contains a path traversal issue in the breakpoint resume upload functionality. The vulnerability exists because the MakeFile...

CVE-2025-64519

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

EUVD-2018-12764

Malware in sbrugna...

EUVD-2023-1820

Malicious code in bioql PyPI...

EUVD-2023-56213

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-20360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalid memory address dereference was discovered in the sbrprocesschannel function of libfaad/sbrdec.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. The...

CVE-2023-51500

Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8...

CVE-2024-11917

CVE-2024-11917 affects the JobSearch WP Job Board WordPress plugin and permits unauthenticated authentication bypass via Xing/Google login callbacks in versions up to 2.9.2; a partial fix exists in 2.8.4. Public sources indicate the fix requires upgrading to 2.8.9 or later (and at least beyond 2....

CVE-2025-30841

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown & Clock: from n/a through = 2.8.8...

CVE-2025-30841 WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown & Clock: from n/a through = 2.8.8...

PT-2025-14394 · Unknown · Adamskaat Countdown & Clock

Name of the Vulnerable Software and Affected Versions: adamskaat Countdown & Clock versions n/a through 2.8.8 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows Remote Code Inclusion. Th...

WordPress plugin Countdown & Clock 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

WordPress plugin JS Help Desk 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...

WordPress JS Help Desk plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin JS Help Desk versions = 2.8.8...

WordPress plugin Floating Buttons for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-35233 · Unknown · Qunatumcloud Floating Buttons For Woocommerce

Name of the Vulnerable Software and Affected Versions: QunatumCloud Floating Buttons for WooCommerce versions 2.8.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendation...

WordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Floating Buttons for WooCommerce versions = 2.8.8...

PT-2024-39852 · Craig Rodway · Classroombookings

Name of the Vulnerable Software and Affected Versions: Craig Rodway Classroombookings version 2.8.7 Description: A vulnerability was found in the processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be...