CVE-2026-6072 Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...

CVE-2026-35454

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...

PT-2026-4220

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through = 2.4.2...

WordPress Freshio theme <= 2.4.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Freshio versions = 2.4.2...

CVE-2025-62705 OpenBao and Vault Leak []byte Fields in Audit Logs

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64,...

WordPress plugin Woostify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

CVE-2025-58749 WAMR runtime hangs or crashes with large memory.fill addresses in LLVM-JIT mode

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...

CVE-2025-58749

CVE-2025-58749 affects WebAssembly Micro Runtime (WAMR) prior to version 2.4.2. In LLVM-JIT mode, WebAssembly programs containing a memory.fill instruction with the first operand (memory address pointer) &gt;= 2 GiB could cause the runtime to hang (release builds) or crash (debug builds) due to i...

CVE-2025-58749 WAMR runtime hangs or crashes with large memory.fill addresses in LLVM-JIT mode

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...

Seismic App 安全漏洞

Seismic App is a mobile application for a sales empowerment platform from Seismic USA. A security vulnerability exists in Seismic App version 2.4.2, which stems from an improper export of the file AndroidManifest.xml component and could lead to a local attack...

PT-2025-36179

Name of the Vulnerable Software and Affected Versions: Ibnul H. Custom Team Manager versions through 2.4.2 Description: The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, which allows for Stored Cross-site Scripting XSS. Recommendations: Update Ibn...

CVE-2024-9653

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress plugin TemplateSpare 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Plugin WooCommerce Google Feed Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-45899

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

CVE-2023-33329

Auth. admin+ Reflected Cross-Site Scripting XSS vulnerability in Hijiri Custom Post Type Generator plugin = 2.4.2 versions...

PYSEC-2022-272

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2...

express-restify-mongoose information disclosure vulnerability

express-restify-mongoose is a tool for creating interfaces for Mongoose Model. A security vulnerability exists in express-restify-mongoose version 2.4.2 and earlier and versions 3.0.X through 3.0.1. An attacker can exploit the vulnerability by sending a request to obtain the passwords of all user...