20 matches found
WordPress plugin WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2026-9985
LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting XSS vulnerability. This issue has been patched in version 4.8.7...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002914)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002914 advisory. security/keys/bigkey.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allow...
Mercury MR816v2 security vulnerability
The Mercury MR816v2 is an access control device from Mercury China. A security vulnerability exists in Mercury MR816v2 081C3114 version 4.8.7 Build 110427 Rel 36550n, which originates from stored cross-site scripting and could lead to the disclosure of an administrator's session and the execution...
EUVD-2025-30547
Malicious code in bioql PyPI...
PT-2025-38939
Name of the Vulnerable Software and Affected Versions: Syed Balkhi All In One SEO Pack versions through 4.8.7. Description: An authorization issue exists in Syed Balkhi All In One SEO Pack, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update All...
WordPress plugin All In One SEO Pack security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...
CVE-2025-0365 Jupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read
The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server,...
WordPress Jupiterx Core plugin <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read vulnerability
Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin JupiterX Core versions <= 4.8.7...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi [CVE-2024-39689]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi, caused by the use of GLOBALTRUST root certificate CVE-2024-39689. Certifi python-certifi is used by our Speech Service runtimes. This vulnerability has been...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in zipp [CVE-2024-5569]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in zipp, caused by an infinite loop flaw in the Path module CVE-2024-5569. Zipp is used by our Speech Service runtimes. This vulnerability has been addressed. Please read the details for...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in pypa/setuptools [CVE-2024-6345]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in pypa/setuptools, caused by an error in the packageindex module. CVE-2024-6345. pypa/setuptools is used by our Speech Service runtimes. This vulnerability has been addressed...
OPENSUSE-SU-2024:0114-1 Security update for pdns-recursor
This update for pdns-recursor fixes the following issues: - update to 4.8.8: fixes a case where a crafted response can lead to a denial of service in Recursor if recursive forwarding is configured boo1223262, CVE-2024-25583 - changes in 4.8.7: If serving stale, wipe CNAME records from cache when ...
PT-2024-15120 · WordPress · Ean For Woocommerce
Name of the Vulnerable Software and Affected Versions: EAN for WooCommerce plugin for WordPress versions up to, and including, 4.8.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'alg wc ean product meta' shortcode due to insufficient input sanitization and...
CVE-2022-4521 WSO2 carbon-registry Request Parameter cross site scripting
A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...
Textpattern CMS cross-site scripting vulnerability
Textpattern CMS is a Php-based content management system from the Textpattern team. A cross-site scripting vulnerability exists in Textpattern CMS version 4.8.7, which stems from the "Body" parameter being vulnerable to HTML injection...
Textpattern CMS < 4.8.8 XSS Vulnerability
Textpattern CMS is prone to a cross-site scripting XSS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2021-44082
textpattern 4.8.7 is vulnerable to Cross Site Scripting XSS via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...
Unprivileged adding of CNAME record causing loop
Description: All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue. Patch Availability: Patches addressing both these issues have been...
SUSE-SU-2018:1902-1 Security update for libqt4
This update for libqt4 fixes the following issues: LibQt4 was updated to 4.8.7 bsc1039291, CVE-2016-10040: See http://download.qt.io/officialreleases/qt/4.8/4.8.7/changes-4.8.7 for more details. Also libQtWebkit4 was updated to 2.3.4 to match libqt4. Also following bugs were fixed: - Enable...