41 matches found
OPENSUSE-SU-2026:10831-1 flux2-cli-2.8.8-1.1 on GA media
These are all security issues fixed in the flux2-cli-2.8.8-1.1 package on the GA media of openSUSE Tumbleweed...
Arbitrary File Upload
Overview: github.com/flipped-aurora/gin-vue-admin/server/utils is a Vue-based admin system. Affected versions of this package are vulnerable to Arbitrary File Upload via the MakeFile function in the breakpoint resume upload process. An attacker can write arbitrary files to any directory by supplyin...
PT-2026-2304
Name of the Vulnerable Software and Affected Versions: Gin-vue-admin versions prior to 2.8.8 Description: Gin-vue-admin, a backstage management system based on vue and gin, contains a path traversal issue in the breakpoint resume upload functionality. The vulnerability exists because the MakeFile...
CVE-2025-64519
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...
EUVD-2023-1820
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-20360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalid memory address dereference was discovered in the sbrprocesschannel function of libfaad/sbrdec.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. The...
CVE-2025-30841
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through <= 2.8.8...
CVE-2025-30841 WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through <= 2.8.8...
PT-2025-14394 · Unknown · Adamskaat Countdown & Clock
Name of the Vulnerable Software and Affected Versions: adamskaat Countdown & Clock versions n/a through 2.8.8 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows Remote Code Inclusion. Th...
WordPress plugin JS Help Desk information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...
WordPress JS Help Desk plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin JS Help Desk versions <= 2.8.8...
WordPress plugin Floating Buttons for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Floating Buttons for WooCommerce versions <= 2.8.8...
CVE-2024-4566
The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set...
CVE-2024-3345
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress ShopLentor plugin <= 2.8.8 - Missing Authorization to WordPress Option Modification vulnerability
Missing Authorization to WordPress Option Modification vulnerability discovered by TheGreatLol in WordPress Plugin ShopLentor versions <= 2.8.8...
WordPress Plugin ShopLentor cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site...
PT-2024-31719 · Unknown +1 · Woocommerce +1
Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to, and including, 2.8.8 Description: The issue is related to a missing capability check on the ajax dismiss function, which allows authenticated attackers with contributor-level access and above to...
WordPress plugin BuddyForms path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
WordPress ShopLentor Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software: ShopLentor; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6327; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: b04aa8b3961f; Credits: Francesco Carlucci; Required privile...