WordPress plugin DotLife has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

WordPress DotLife theme < 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme DotLife versions 4.9.5...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001191)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001191 advisory. Off-by-one error in the pipeadvance function in lib/ioviter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized...

CVE-2025-68521

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through = 4.9.5...

CVE-2025-68521

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through = 4.9.5...

CVE-2025-68522

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through = 4.9.5...

CVE-2025-68521 WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through = 4.9.5...

CVE-2025-68522 WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through = 4.9.5...

CVE-2025-68522

The CVE-2025-68522 entry applies to the WordPress WpStream plugin, specifically versions ≤ 4.9.5. The underlying issue is a Missing Authorization / Broken Access Control caused by incorrectly configured access control security levels, which could allow an attacker to access resources or actions t...

Improper Input Validation in MSSQL JDBC driver in Crucible Server and Fisheye Server

This High severity Improper Input Validation in MSSQL driver vulnerability was introduced in version 4.9.0 of Crucible Server and Fisheye Server. This Improper Input Validation vulnerability, with a CVSS Score of 8.1, allows an unauthenticated attacker to exploit an undefinable vulnerability whic...

EUVD-2018-2181

Malware in sbrugna...

EUVD-2024-30715

Malicious code in bioql PyPI...

EUVD-2023-3124

Malicious code in bioql PyPI...

EUVD-2025-13743

Malicious code in bioql PyPI...

EUVD-2024-30716

Malicious code in bioql PyPI...

@agentforce/adk (>=0.9.0 <=0.12.1), @bgord/bun (>=0.11.2 <=1.0.1) +37 more potentially affected by CVE-2025-58362 via hono (>=4.8.0 <=4.9.5)

hono NPM version =4.8.0, =0.9.0, =0.11.2, =1.3.0, =1.3.2, =4.0.0-alpha.5, =1.3.3, =0.67.0, =0.14.2, =0.4.0, =0.19.0, =0.16.0, =0.0.1, =0.23.0, =1.10.36 and more Source cves: CVE-2025-58362 Source advisory: SNYK:JS-HONO-12485162...

PT-2025-36105

Name of the Vulnerable Software and Affected Versions: Hono versions 4.8.0 through 4.9.5 Description: Hono is a Web application framework that provides support for any JavaScript runtime. A flaw exists in the getPath utility function that could allow path confusion and potential bypass of...

Linux Distros Unpatched Vulnerability : CVE-2018-10102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before WordPress 4.9.5, the version string was not escaped in the getthegenerator function, and could lead to XSS in a generator tag. CVE-2018-10102 Note that...

CVE-2025-47649

Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through = 4.9.9...

CVE-2024-35718

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.5...