CVE-2026-4335

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...

PT-2026-26897

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an...

OPENSUSE-SU-2026:10357-1 ruby4.0-rubygem-puma-6.4.3-1.5 on GA media

These are all security issues fixed in the ruby4.0-rubygem-puma-6.4.3-1.5 package on the GA media of openSUSE Tumbleweed...

Eclipse ThreadX RTOS 安全漏洞

Eclipse ThreadX RTOS is an advanced real-time operating system RTOS from Eclipse ThreadX designed for deeply embedded applications. A security vulnerability exists in Eclipse ThreadX RTOS versions prior to 6.4.3, which stems from insufficient validation of a system call parameter when memory...

EUVD-2024-45804

Malicious code in bioql PyPI...

EUVD-2024-30556

Malicious code in bioql PyPI...

EUVD-2025-24721

Malicious code in bioql PyPI...

CVE-2025-54672

Cross-Site Request Forgery CSRF vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery.This issue affects Photo Engine: from n/a through = 6.4.3...

CVE-2025-54672 WordPress Photo Engine Plugin plugin <= 6.4.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery.This issue affects Photo Engine: from n/a through = 6.4.3...

CVE-2025-54672

CVE-2025-54672 is a CSRF vulnerability in the WordPress plugin Photo Engine (Jordy Meow) affecting versions up to and including 6.4.3. The initial entry lists a CVSSv3.1 base score of 4.3 (Medium) with network access and user interaction required. Connected sources corroborate the issue as a Cros...

CVE-2025-54940

An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered...

CVE-2025-54940

An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered...

CVE-2025-50184

DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be...

CVE-2024-32769

A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 2024/07/12 a...

CVE-2024-32767

A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 2024/07/12 a...

CVE-2024-32768

A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 2024/07/12 a...

CVE-2022-39411

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Business Process Automation. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

CVE-2025-2260

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...

VMware Spring Security 安全漏洞

VMware Spring Security is a set of security frameworks from VMware, Inc. that provide illustrative security protection for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 6.4.0 through 6.4.3 that originates from an authorization bypass...

CVE-2024-51919

Unrestricted Upload of File with Dangerous Type vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through = 6.4.3...