37 matches found
CVE-2026-32142 shopware/commercial: `/api/_info/config` route exposes information about licenses
Shopware is an open commerce platform. The `/api/_info/config` route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15...
EUVD-2026-11663
Shopware is an open commerce platform. The `/api/_info/config` route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15...
WordPress Checkout Field Manager (Checkout Manager) for WooCommerce plugin <= 7.8.1 - Unauthenticated Limited File Upload vulnerability
Unauthenticated Limited File Upload vulnerability discovered by Jamiryoo in WordPress Plugin WooCommerce Checkout Manager versions <= 7.8.1...
CVE-2025-12500
The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...
CVE-2025-15525 Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure
The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...
com.aconex.scrutineer:scrutineer (=7.9.3), com.playtika.testcontainers:embedded-elasticsearch (>=2.0.0 <=2.0.11) +15 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch-ssl-config (>=7.8.1 <=8.19.7)
org.elasticsearch:elasticsearch-ssl-config MAVEN version =7.8.1, =2.0.0, =0.2.7.1, =0.83.0, =7.9.01, =7.8.1, =1.5.0, =7.8.1, =7.8.1, =7.8.1, =8.10.0, =7.8.1, =8.10.0, =8.0.0, =8.19.15 and more Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14417579...
com.aconex.scrutineer:scrutineer (=7.9.3), org.elasticsearch.client:x-pack-transport (>=7.8.1 <=7.9.3) potentially affected by CVE-2025-37731 via org.elasticsearch.plugin:x-pack-core (>=7.8.1 <=7.9.3)
org.elasticsearch.plugin:x-pack-core MAVEN version =7.8.1, =7.8.1, =7.9.3 Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCHPLUGIN-14417581...
PT-2025-29829 · Fortra · Goanywhere Mft
Name of the Vulnerable Software and Affected Versions: GoAnywhere MFT versions prior to 7.8.1. Description: A broken access control issue in Fortra's GoAnywhere MFT can lead to a denial of service. This occurs when the software is configured to use GoAnywhere One-Time Password (GOTP) email two-facto...
CVE-2014-3860
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability...
WordPress Link Library plugin <= 7.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Link Library versions <= 7.8...
Chainer Remote Code Execution Vulnerability
Chainer is an open source deep learning framework from Chainer Open Source. A security vulnerability exists in Chainer version v7.8.1.post1, which stems from untrusted data deserialization and can lead to arbitrary code execution. No detailed vulnerability details are provided at this time...
PT-2024-33025 · Chainer · Chainer
Name of the Vulnerable Software and Affected Versions: chainer version 7.8.1.post1. Description: A Deserialization of Untrusted Data issue allows for the execution of arbitrary code. Recommendations: For version 7.8.1.post1, update to a version that fixes the Deserialization of Untrusted Data issu...
Mattermost Server < 7.1.6 / 7.2.x < 7.7.2 / 7.8.x < 7.8.1 Information Disclosure (MMSA-2023-00141)
The version of Mattermost Server running on the remote host is prior to 7.1.6, 7.2.x prior to 7.7.2 or 7.8.x prior to 7.8.1. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can request a preview of an existing message when creating a new...
CVE-2023-23590
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device...
Mercedes-Benz XENTRY Retail Data Storage Security Vulnerability
Mercedes-Benz XENTRY Retail Data Storage is a type of retail data storage from Mercedes-Benz of Germany. A security vulnerability exists in Mercedes-Benz XENTRY Retail Data Storage version 7.8.1, which originated from a vulnerability that allows remote attackers to cause a denial of service via a...
PT-2023-19063 · Mercedes Benz · Mercedes-Benz Xentry Retail Data Storage
Name of the Vulnerable Software and Affected Versions: Mercedes-Benz XENTRY Retail Data Storage version 7.8.1. Description: The issue allows remote attackers to cause a denial of service, resulting in a device restart, via an unauthenticated API request. The attacker must be on the same network as...
CVE-2023-23590
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 is affected by a remote-denial-of-service vulnerability exploitable by unauthenticated API requests over the local network, causing device restart. The available sources consistently describe the issue as requiring network proximity (same network) an...
CVE-2021-22794
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert V7.8.1 and prior...
PT-2021-21346 · Telegram +1 · Telegram +1
Name of the Vulnerable Software and Affected Versions: Telegram versions prior to 7.8.1 for Android; Telegram versions prior to 7.8.3 for iOS; Telegram Desktop versions prior to 2.8.8. Description: A reordering issue exists in Telegram, allowing an attacker to cause the server to receive messages in...
Moderate: Red Hat Security Advisory: Red Hat Fuse 7.8.1 patch release and security update
A micro version update from 7.8.0 to 7.8.1 is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impac...