Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin

On April 22nd, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Breeze Cache, a WordPress plugin with an estimated 400,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP backdoors, and...

binutils: GNU Binutils Linker heap-based overflow

A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

EUVD-2025-202104

Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animation Addons for Elementor: from n/a through = 2.4.5...

CVE-2025-67540

Technical details for CVE-2025-67540 are not provided in the given documents. No product/version/impact/fix details are available here; monitor for updates.

JLSEC-2025-56 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames...

WordPress plugin Wilmer Core 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

ALPINE-CVE-2025-5244

A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elfgcsweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed...

CVE-2024-6846

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...

WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by l8BL Patchstack Alliance in WordPress Plugin Easy Booked – Appointment Booking and Scheduling Management System for WordPress versions = 2.4.5...

CVE-2024-20716

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the applicatio...

PT-2023-21019 · Jizhicms · Jizhicms

Name of the Vulnerable Software and Affected Versions: Jizhicms version 2.4.5 Description: An arbitrary file upload vulnerability in the CommonController.php component allows attackers to execute arbitrary code via a crafted phtml file. This issue is related to the admincCommonController.php...

PT-2023-12307 · Unknown · Jeecg-Boot

Name of the Vulnerable Software and Affected Versions: jeecg-boot versions 2.4.5 and earlier Description: The issue allows remote attackers to gain escalated privilege and view sensitive information. This is achieved via the "api uri:/sys/user/checkOnlyUser?username=admin" endpoint, where the...

UBUNTU-CVE-2022-36760

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

Apache HTTP Server 环境问题漏洞

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server is vulnerable to an environmental issue that results from Apache HTTP Server's inability to close inbound connections when dropping the body of a request, leading to request smuggling. The vulnerability...

PYSEC-2020-95

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...