
201 matches found

Github Security Blog
added 2026/05/18 5:55 p.m., 15 views

Malicious dropper in mistralai 2.4.6 PyPI package

The mistralai PyPI package version 2.4.6 contains a malicious dropper that executes on import on Linux. No v2.4.6 tag, commit, or release workflow run exists in this repository, the legitimate latest version before the upload was 2.4.5, and the upload bypassed this repository's normal release...

6 AI score
Exploits: 0, References: 6, Affected Software: 1
Snyk
added 2026/05/12 9:20 p.m., 6 views

Incorrect Authorization

Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization in the authorization process. An attacker can gain unauthorized write access by bypassing security measures. Remediation: Upgrade...

8.7 CVSS, 5.8 AI score, 0.00093 EPSS
Exploits: 0, References: 2
Snyk
added 2026/05/12 9:20 p.m., 6 views

Incorrect Authorization

Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization via the authorization process. An attacker can gain unauthorized write access by bypassing security measures. Remediation: Upgrade...

8.7 CVSS, 5.8 AI score, 0.00093 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/05/12 7:50 p.m., 28 views

CVE-2026-34650 Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources,...

7.5 CVSS, 0.0002 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/12 12:00 a.m., 4 views

Adobe Commerce Input Validation Error Vulnerability

Adobe Commerce is a leading digital business solution for businesses and brands from Adobe in the United States. Versions of Adobe Commerce such as 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17, and earlier versions have a vulnerability related to input validation errors. This...

3.4 CVSS, 5.8 AI score, 0.00059 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:12 p.m., 3 views

CVE-2026-21360

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. A high-privileged attacker could...

6.8 CVSS, 5.8 AI score, 0.00236 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/25 12:00 a.m., 4 views

WordPress plugin Boutique Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

7.1 CVSS, 5.7 AI score, 0.00045 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/03/25 12:00 a.m., 2 views

PT-2026-27905

Name of the Vulnerable Software and Affected Versions: kutethemes Boutique versions prior to 2.4.6. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a reflected cross-site scripting issue. This allows for the potential execution...

7.1 CVSS, 6 AI score, 0.00045 EPSS
Exploits: 0, References: 3
NVD
added 2026/03/11 3:15 a.m., 3 views

CVE-2026-21310

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue does not require user...

5.3 CVSS, 0.00408 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/11 2:19 a.m., 4 views

CVE-2026-21291

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this...

4.8 CVSS, 5.8 AI score, 0.0009 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/03/11 2:19 a.m., 2 views

CVE-2026-21310 Adobe Commerce | Improper Input Validation (CWE-20)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue does not require user...

5.3 CVSS, 5.8 AI score, 0.00408 EPSS
Exploits: 0, References: 1
NVD
added 2026/02/20 4:22 p.m., 2 views

CVE-2025-67547

Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Konte: from n/a through <= 2.4.6...

6.5 CVSS, 0.00056 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/02/20 3:46 p.m., 21 views

CVE-2025-67547 WordPress Konte theme <= 2.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Konte: from n/a through <= 2.4.6...

6.5 CVSS, 0.00056 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/02/20 12:00 a.m., 3 views

PT-2026-21041

Name of the Vulnerable Software and Affected Versions: uixthemes Konte versions through 2.4.6. Description: An authorization issue exists in uixthemes Konte. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendations: Update...

5.3 AI score, 0.00056 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/02/20 12:00 a.m., 3 views

WordPress plugin Konte Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5 CVSS, 5.8 AI score, 0.00056 EPSS
Exploits: 0, References: 1
CVE
added 2026/02/11 8:37 p.m., 10 views

CVE-2020-37212

CVE-2020-37212 affects SpotMSN 2.4.6. A denial-of-service vulnerability exists in the registration name input field; a 1000-character payload pasted into the Name field can crash the application. CVSS metrics are provided: v4.0 base 4.6 (LOCAL attack, no privileges, user interaction required) and...

7.5 CVSS, 5.6 AI score, 0.00045 EPSS
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2026/02/11 12:00 a.m., 2 views

Nsasoft SpotMSN Security Vulnerability

Nsasoft SpotMSN is a password recovery tool developed by the US company Nsasoft. Version 2.4.6 of Nsasoft SpotMSN contains a security vulnerability; this vulnerability stems from a buffer overflow in the registration name input field, which may cause the application to crash...

7.5 CVSS, 6 AI score, 0.00045 EPSS
Exploits: 1, References: 3
Packet Storm
added 2026/01/26 12:00 a.m., 122 views

Magento Adobe Commerce 2.4.6-p5 Arbitrary File Read

Magento Adobe Commerce version 2.4.6-p5 arbitrary file read proof of concept exploit. Title: Magento Adobe Commerce 2.4.6-p5 arbitrary file read...

6 AI score
Exploits: 0
CVE
added 2026/01/22 4:52 p.m., 3 views

CVE-2025-69317

CVE-2025-69317 corresponds to WordPress CarSpot theme before version 2.4.6, with a Reflected XSS vulnerability in the CarSpot theme (scriptsbundle). The issue affects CarSpot:

7.1 CVSS, 5.4 AI score, 0.00064 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/01/22 4:52 p.m., 2 views

CVE-2025-69317 WordPress CarSpot theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS. This issue affects CarSpot: from n/a through 2.4.6...

7.1 CVSS, 5.4 AI score, 0.00064 EPSS
Exploits: 0, References: 1