31 matches found
Important: Red Hat Security Advisory: RHACS 4.8.9 security and bug fix update
Updated images are now available for Red Hat Advanced Cluster Security (RHACS), which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...
EUVD-2021-30820
Malicious code in bioql PyPI...
EUVD-2025-7912
Malicious code in bioql PyPI...
CVE-2023-5212
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take ove...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an argument injection vulnerability in go-git [CVE-2025-21613]
Summary: IBM Watson Speech Services Cartridge is vulnerable to an argument injection vulnerability in go-git, caused by a flaw which may allow an attacker to set arbitrary values to git-upload-pack flags (CVE-2025-21613). Go-git is used in our ibm-watson-speech-catalog images. This vulnerability ha...
CVE-2025-30598
Cross-Site Request Forgery (CSRF) vulnerability in Link OSS Upload oss-upload allows Cross Site Request Forgery. This issue affects OSS Upload: from n/a through = 4.8.9...
WordPress WP-Spreadplugin Plugin <= 4.8.9 is vulnerable to Cross Site Scripting (XSS)
Software: WP-Spreadplugin; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49266; Patch priority: Low; CVSS severity: Low (5.9); PSID: 8199a02bf929; Credits: Sharanabasappa; Required privilege...
phpFox Cross-Site Scripting Vulnerability
phpFox is a social networking platform from phpFox Inc. A cross-site scripting vulnerability exists in phpFox version v4.8.9, which originated from a vulnerability that allows attackers to execute arbitrary web script or HTML via an injected status box with a crafted payload...
PT-2024-11591 · Phpfox · Phpfox
Name of the Vulnerable Software and Affected Versions: PHPFox version 4.8.9 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter. Recommendations: For PHPFox version 4.8.9, consider...
phpFox Security Vulnerability
phpFox is a social networking platform from phpFox Inc. A security vulnerability exists in phpFox version v4.8.9. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload with the History parameter...
PT-2024-23624 · Easycorp · Easyadmin
Name of the Vulnerable Software and Affected Versions: EasyCorp EasyAdmin versions up to 4.8.9 Description: A vulnerability was found in the Autocomplete function of the file assets/js/autocomplete.js, which can lead to cross-site scripting. The manipulation of the item argument is the cause of...
Arbitrary file deletion
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take ove...
WordPress plugin AI ChatBot path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin ChatBot SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-31977 · WordPress · Chatbot
Name of the Vulnerable Software and Affected Versions: ChatBot plugin for WordPress versions up to, and including, 4.8.9 Description: The issue allows unauthenticated attackers to extract sensitive data, including confirmation of whether a user name exists on the site and order information for...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Sensitive Data Exposure
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-5254; Patch priority: Low; CVSS severity: Low (5.3); PSID: a08bb4253476; Credits: Marco Wotschka; Required privilege...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Path Traversal
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9.1; OWASP Top 10: A3: Injection; Classification: Path Traversal; CVE: CVE-2023-5241; Patch priority: High; CVSS severity: High (9.6); PSID: 066f9b5875d8; Credits: Marco Wotschka; Required privilege: Subscriber; Published ...
Zope XSS Vulnerability (GHSA-wm8q-9975-xh5v)
Zope is prone to a cross-site scripting (XSS) vulnerability with SVG images...
CVE-2022-4653
The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2021-43957
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are before version 4.8.9...