45 matches found
CVE-2026-6169 affiliate-toolkit <= 3.8.5 - Authenticated (Editor+) Remote Code Execution
The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...
EUVD-2026-26453
A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version...
PT-2026-24614
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...
UBUNTU-CVE-2026-24308
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...
CVE-2026-25384
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5...
CVE-2026-25384 WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5...
PT-2026-23853
Name of the Vulnerable Software and Affected Versions: Apache ZooKeeper versions 3.8.5 and 3.9.4 Description: An issue exists in Apache ZooKeeper where improper handling of configuration values in ZKConfig can lead to the exposure of sensitive information. Specifically, client configuration data...
CVE-2025-49915
The CVE-2025-49915 entry describes an SQL Injection vulnerability in the Cozy Vision SMS Alert Order Notifications (WordPress SMS Alert Order Notifications) plugin for WordPress. Affected component: the sms-alert functionality within the plugin, with versions up to and including 3.8.5. Root cause...
CVE-2025-49915 WordPress SMS Alert Order Notifications plugin <= 3.8.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection. This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.5...
EUVD-2025-18119
Malicious code in bioql PyPI...
EUVD-2025-17489
Malicious code in bioql PyPI...
ClipShare code issue vulnerability
ClipShare is a cross-device shared clipboard by Thevindu Wijesekera Individual Developer. A code issue vulnerability exists in ClipShare versions prior to 3.8.5, which stems from a DLL being loaded in the wrong order, and may result in local elevation of privilege...
CVE-2023-36514
Cross-Site Request Forgery CSRF vulnerability in WooCommerce Shipping Multiple Addresses plugin = 3.8.5 versions...
Amaze File Manager security vulnerability
Amaze File Manager is an open source file manager from Amaze. A security vulnerability exists in Amaze File Manager version v.3.8.5, which originates from a vulnerability that allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java...
Rebuild code injection vulnerability
Rebuild is a highly customizable enterprise management system. A code injection vulnerability exists in Rebuild version 3.8.5, which stems from a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code...
PT-2024-17705 · Ruifang Tech · Ruifang-Tech Rebuild
Name of the Vulnerable Software and Affected Versions: ruifang-tech Rebuild version 3.8.5 Description: A problematic issue has been found in the Project Task Comment Handler component, leading to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the...
"Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key
Overview: "Kura Sushi Official App Produced by EPARK" for Android provided by EPARK, Inc. uses a hard-coded cryptographic key (CWE-321). Nishimura Reiji of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
EPARK Kura Sushi Official App security vulnerability
EPARK Kura Sushi Official App is a sushi purchasing and reservation storefront application from EPARK, Inc. A security vulnerability exists in the EPARK Kura Sushi Official App version prior to 3.8.5, which stems from an issue with the use of hard-coded encryption keys, where a local attacker may...