@clerk/agent-toolkit (>=0.2.5-canary-core3.v20251124105058 <=0.3.16-snapshot.v20260416221307), @clerk/astro (>=3.0.0 <=3.2.3-canary.v20260508190534) +69 more potentially affected by CVE-2026-42349 via @clerk/shared (>=4.0.0 <=4.8.3-snapshot.v20260421194054)

@clerk/shared NPM version =4.0.0, =0.2.5-canary-core3.v20251124105058, =3.0.0, =3.0.0, =3.0.0, =5.68.0-snapshot.v20250528192432, =3.0.0, =1.0.0, =2.0.0, =2.6.5-canary-core3.v20251124105058, =0.0.2, =4.0.0, =7.0.0, =2.0.0, =6.0.0, =2.2.5-canary-core3.v20251124105058, =3.2.4-canary.v20260508190534...

CVE-2021-47888 Textpattern 4.8.3 - Remote code execution

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through ...

CVE-2025-69314

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through 4.8.3...

PT-2026-4192

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through 4.8.3...

WordPress Werkstatt theme < 4.8.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Werkstatt versions 4.8.3...

EUVD-2020-26996

Malware in sbrugna...

EUVD-2017-7704

Malware in sbrugna...

EUVD-2019-6239

Malware in sbrugna...

EUVD-2023-1247

Malicious code in bioql PyPI...

CVE-2025-10173 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the postsave function in all versions up to, and including, 4.8.3. This makes it possible for authenticated...

CVE-2025-10173 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the postsave function in all versions up to, and including, 4.8.3. This makes it possible for authenticated...

CVE-2023-34007

Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3...

CVE-2023-30542

OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be...

CVE-2023-30541

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

CVE-2020-5306

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content...

CVE-2019-15227

FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions...

CVE-2020-15124

In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows for remote attackers to access files on the server via the application. This is limited to files accessible to the application server user, eg. tomcat, but can potentially lead to the disclosure of sensitive...

WordPress Oxygen Builder Plugin <= 4.8.3 is vulnerable to Broken Access Control

Software Oxygen Builder Type Plugin Vulnerable versions = 4.8.3 Fixed in 4.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6688 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 05a98a111db4 Credits Francesco Carlucci Required...

PT-2024-37800 · WordPress · Oxygen Builder

Name of the Vulnerable Software and Affected Versions: Oxygen Builder plugin for WordPress versions up to, and including, 4.8.3 Description: The issue is related to a missing capability check on the oxy save css from admin AJAX action. This makes it possible for authenticated attackers, with...

RHEL 7 / 8 : OpenShift Virtualization 4.8.3 RPMs (RHSA-2021:4910)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4910 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...