
44 matches found

Patchstack
added 2026/01/28 1:44 a.m. · 6 views

WordPress Order Minimum/Maximum Amount Limits for WooCommerce plugin <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting via Hide Add to Cart Content Fields vulnerability discovered by whizzu in WordPress Plugin Order Minimum/Maximum Amount Limits for WooCommerce versions <= 4.6.8...

4.4 CVSS · 5.9 AI score · 0.00011 EPSS
Exploits 0 · References 1 · Affected Software 1

RedhatCVE
added 2026/01/09 10:58 a.m. · 2 views

CVE-2025-67089

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.install_package RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...

8.1 CVSS · 8.3 AI score · 0.00363 EPSS
Exploits 1 · References 1

Positive Technologies
added 2026/01/08 12:0 a.m. · 4 views

PT-2026-1872

Name of the Vulnerable Software and Affected Versions: GL.Inet GL.Inet AX1800 versions 4.6.4 and 4.6.8 Description: An issue exists in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call within the GL.Inet AX1800. The script operates with root privileges when activated through...

6.5 CVSS · 6.7 AI score · 0.00046 EPSS
Exploits 1 · References 7

CNNVD
added 2026/01/08 12:0 a.m. · 1 views

GL.iNet AX1800 Security Vulnerability

The GL.iNet AX1800 is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in GL.iNet AX1800 versions 4.6.4 and 4.6.8, which stems from a race condition in the opkg wrapper script that could lead to elevated privileges...

6.5 CVSS · 6.7 AI score · 0.00046 EPSS
Exploits 1 · References 3

Cvelist
added 2026/01/08 12:0 a.m. · 17 views

CVE-2025-67091

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...

0.00046 EPSS
Exploits 1 · References 3

CVE
added 2026/01/08 12:0 a.m. · 4 views

CVE-2025-67089

CVE-2025-67089 affects the GL‑iNet GL‑AXT1800 router firmware v4.6.8. The vulnerability is in the plugins.install_package RPC method, which does not sufficiently sanitize the package name, allowing authenticated attackers to execute arbitrary commands with root privileges. The entry lists a CVSS...

8.1 CVSS · 7.8 AI score · 0.00363 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2026/01/08 12:0 a.m. · 3 views

PT-2026-1870

Name of the Vulnerable Software and Affected Versions: GL-iNet GL-AXT1800 router firmware version 4.6.8 Description: A command injection issue exists in the plugins.install_package RPC method. The method does not properly sanitize user input in package names, allowing authenticated attackers to...

8.1 CVSS · 7.8 AI score · 0.00363 EPSS
Exploits 1 · References 8

RedhatCVE
added 2025/10/23 3:13 p.m. · 1 views

CVE-2025-62015

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8...

7.6 CVSS · 7.7 AI score · 0.00034 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/22 3:31 p.m. · 2 views

EUVD-2025-35390

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8...

7.1 AI score · 0.00034 EPSS
Exploits 0 · References 2

NVD
added 2025/10/22 3:16 p.m. · 6 views

CVE-2025-62015

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8...

7.6 CVSS · 0.00034 EPSS
Exploits 0 · References 1

Cvelist
added 2025/10/22 2:32 p.m. · 7 views

CVE-2025-62015 WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.6.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8...

7.6 CVSS · 0.00034 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 10:10 a.m. · 4 views

CVE-2024-2347

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4 CVSS · 5.8 AI score · 0.00168 EPSS
Exploits 0 · References 1

OSV
added 2024/09/16 5:10 a.m. · 12 views

RHSA-2020:5260 Red Hat Security Advisory: OpenShift Container Platform 4.6.8 security and packages update

Bulletin has no description...

6.3 CVSS · 5.6 AI score · 0.00075 EPSS
Exploits 0 · References 10

OSV
added 2024/09/16 1:25 a.m. · 10 views

RHSA-2019:0315 Red Hat Security Advisory: CloudForms 4.6.8 security, bug fix and enhancement update

Bulletin has no description...

6.1 CVSS · 6.2 AI score · 0.00398 EPSS
Exploits 1 · References 17

NVD
added 2024/06/14 4:15 p.m. · 20 views

CVE-2024-37316

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2...

4.6 CVSS · 0.00426 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/06/14 12:0 a.m. · 3 views

PT-2024-27473 · Nextcloud · Nextcloud Calendar

Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar versions prior to 4.6.8 Nextcloud Calendar versions prior to 4.7.2 Description: The issue allows authenticated users to create an event with manipulated attachment data, leading to a bad redirect for participants when...

4.6 CVSS · 7 AI score · 0.00426 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/04/09 12:0 a.m. · 1 views

PT-2024-19888 · WordPress · Astra

Name of the Vulnerable Software and Affected Versions: Astra theme for WordPress versions up to, and including, 4.6.8 Description: The issue is related to Stored Cross-Site Scripting via a user's display name due to insufficient input sanitization and output escaping. This allows authenticated...

6.4 CVSS · 8 AI score · 0.00168 EPSS
Exploits 0 · References 4

Amazon
added 2024/03/18 12:0 a.m. · 16 views

Medium: ipa

Issue Overview: A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. CVE-2024-1481 Affected Packages: ipa Note: This advisory ...

5.3 CVSS · 5.7 AI score · 0.0056 EPSS
Exploits 1

Prion
added 2024/02/29 1:40 a.m. · 13 views

Design/Logic Flaw

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer wi...

7.3 AI score · 0.00575 EPSS
Exploits 0 · References 1

OSSF Malicious Packages
added 2024/01/03 12:43 a.m. · 2 views

Malicious code in casino-prismic (npm)

Source: ossf-package-analysis 906aeb8612a57f084f489c6478da61b9c148272104fed2d5838a07b97704cd26 The OpenSSF Package Analysis project identified 'casino-prismic' @ 4.6.8 npm as malicious. It is considered malicious because: - The package...

6.9 AI score
Exploits 0