EUVD-2025-206896

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbrawcontent shortcode in all versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-12159 Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbrawcontent shortcode in all versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-12159

The vulnerability CVE-2025-12159 affects the Bold Page Builder WordPress plugin. All versions up to 5.4.8 are vulnerable to Stored Cross-Site Scripting via the bt_bb_raw_content shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authentic...

PT-2026-6877

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt bb raw content shortcode in all versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Bold Page Builder plugin <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Bold Page Builder versions = 5.4.8...

CVE-2026-24872

improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...

CVE-2026-24872

improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...

CVE-2026-24872

improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...

CVE-2026-24872

CVE-2026-24872 affects SkyFire_548 (before 5.4.8-stable5). The issue is due to improper pointer arithmetic in SkyFire_548. The vulnerability is rated CVSSv3.1: 9.8 (CRITICAL) with Network attack vector, no privileges, no user interaction, and high impact on confidentiality, integrity, and availab...

CVE-2026-24872 Pointer arithmetic error in SkyFire_548

improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...

EUVD-2026-4818

improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...

PT-2026-4961

improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire 548.This issue affects SkyFire 548: before 5.4.8-stable5...

PT-2026-2487

Name of the Vulnerable Software and Affected Versions Semantic machines version 5.4.8 Description An issue allows attackers to bypass authentication by sending a crafted HTTP request to various API endpoints. The attack targets authentication mechanisms within the software. The affected API...

CVE-2025-66698

An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints...

Semantic release 安全漏洞

Semantic release is a Js-based versioning and package distribution tool from the Semantic Release team. A security vulnerability exists in Semantic release version 5.4.8, which stems from the fact that sending specially crafted HTTP requests to various API endpoints can bypass authentication...

EUVD-2023-34337

Malicious code in bioql PyPI...

CVE-2023-32245

Cross-Site Request Forgery CSRF vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8...

CVE-2023-32241

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin = 5.4.8 versions...

AZL-59325 CVE-2025-31179 affecting package gnuplot 5.4.8-1

A flaw was found in gnuplot. The xstrftime function may lead to a segmentation fault, causing a system crash...

CVE-2024-37472

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through = 5.4.8...