EUVD-2026-34325

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

Astra Linux - уязвимость в apache2

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

EUVD-2026-14620

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

PT-2026-27253

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2025-69391 WordPress Diamond theme <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through = 2.4.8...

CVE-2025-69391 WordPress Diamond theme <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through = 2.4.8...

WordPress Kali Forms plugin <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Form Data Exposure vulnerability discovered by Youssef Elouaer in WordPress Plugin Kali Forms versions = 2.4.8...

Nsasoft SpotFTP 安全漏洞

Nsasoft SpotFTP is an FTP client password recovery tool developed by the US company Nsasoft. Version 2.4.8 of Nsasoft SpotFTP contains a security vulnerability; this vulnerability stems from a large buffer overflow, which could potentially cause the application to crash...

GHSA-8398-GMMX-564H n8n has a Python sandbox escape

Impact A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the...

CVE-2026-25115 n8n is vulnerable to Python sandbox escape

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...

CVE-2026-25115 n8n is vulnerable to Python sandbox escape

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...

EUVD-2026-5414

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...

WordPress plugin wpForo Forum SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

Vulnerabilities fixed in Adobe Commerce

Adobe has fixed vulnerabilities in Adobe Commerce Versions 2.4.8 and earlier. The vulnerabilities are in Adobe Commerce's security mechanisms, allowing both high- and low-privileged attackers to bypass security measures. This can lead to unauthorized access to sensitive information and execution ...

WordPress plugin Credova_Financial 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

Linux Distros Unpatched Vulnerability : CVE-2022-24805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of...

CVE-2022-24897

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.1) potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.2)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =3.1.1 Source cves: CVE-2025-24860 Source advisory: OSV:GHSA-3CJF-FWCQ-XH22...

WordPress T(-) Countdown plugin <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin T- Countdown versions = 2.4.8...

WordPress AI Engine plugin < 2.4.8 - Admin+ SQLi vulnerability

Admin+ SQLi vulnerability discovered by Karolis Narvilas in WordPress Plugin AI Engine versions 2.4.8...