CVE-2026-5247

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

CVE-2026-5247

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

WordPress Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin <= 4.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Post Expirator versions = 4.10.0...

Fedora 44 : coturn (2026-1c11dc3e37)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1c11dc3e37 advisory. Coturn 4.10.0 Performance Add Linux-only recvmmsg client receive path for DTLS/UDP listener Skip response buffer allocation for STUN indications...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

CVE-2025-12777

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

CVE-2025-12777 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

EUVD-2015-4576

Malware in sbrugna...

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association vulnerability

Missing Authorization to Unauthenticated Forms-Campaign Association vulnerability discovered by Rafshanzani Suhada in WordPress Plugin GiveWP versions = 4.10.0...

EUVD-2023-1981

Malicious code in bioql PyPI...

EUVD-2024-20181

Malicious code in bioql PyPI...

SUSE: Security Advisory (SUSE-SU-2025:03354-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-22646

An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system...

CVE-2023-36828

Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the sanitize function. Versio...

CVE-2021-27024

A flaw was discovered in Continuous Delivery for Puppet Enterprise CD4PE that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0...

CVE-2025-22311

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging.This issue affects Private Messages for UserPro: from n/a through = 4.10.0...

WordPress plugin Private Messages for UserPro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-4437 · Userpro · Private Messages For Userpro

Name of the Vulnerable Software and Affected Versions: Private Messages for UserPro versions n/a through 4.10.0 Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means that an attacker can inject malicious scripts in...

fence-agents security update

4.10.0-62.3 - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-36482 4.10.0-62.2 - fenceeps: add fenceepsr2 for ePowerSwitch R2 and newer Resolves: RHEL-35273 4.10.0-62.1 - ha-cloud-support: upgrade bundled pyroute2 libs to fix issue in gcp-vpc-move-route's stop-action Resolves: RHEL-29668...

BIT-SEOPANEL-2024-22643

A Cross-Site Request Forgery CSRF vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets...