Lucene search

16 matches found

OSV
added 2026/04/01 10:1 a.m. · 4 views

CLEANSTART-2026-TM31143 Security fixes for CVE-2025-47911, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142 applied in versions: 1.4.10-r0, 1.4.13-r0, 1.4.14-r0, 1.4.8-r0

Multiple security vulnerabilities affect the stakater-reloader package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5 · AI score 6.9 · EPSS 0.00044
Exploits 3 · References 33

CNNVD
added 2025/12/31 12:0 a.m. · 4 views

WordPress plugin Portfolio Gallery security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.4 · AI score 6.6 · EPSS 0.00049
Exploits 0 · References 1

Patchstack
added 2025/12/16 12:50 p.m. · 4 views

WordPress WPS Visitor Counter plugin <= 1.4.8 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WPS Visitor Counter versions <= 1.4.8...

CVSS 5.8 · AI score 5.3 · EPSS 0.00029
Exploits 0 · References 1 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-24161

Malicious code in bioql PyPI...

CVSS 8 · AI score 6.5 · EPSS 0.0055
Exploits 1 · References 3

NVD
added 2025/08/11 6:15 p.m. · 1 views

CVE-2025-54063

Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...

CVSS 9.6 · EPSS 0.0055
Exploits 1 · References 3

CVE
added 2025/08/11 5:59 p.m. · 14 views

CVE-2025-54063

CVE-2025-54063 affects Cherry Studio desktop client (versions 1.4.8–1.5.0) due to improper handling of custom URLs, enabling remote code execution when a user clicks a crafted link or visits a malicious site. The underlying vulnerability is triggered by the app’s custom URL handler, leading to co...

CVSS 9.6 · AI score 8 · EPSS 0.0055
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2025/08/11 12:0 a.m. · 3 views

cherry code injection vulnerability

cherry is an HTTP server for Chee Personal Developers. A code injection vulnerability exists in cherry versions 1.4.8 through 1.5.0, which stems from improper handling of custom URLs and could lead to remote code execution...

CVSS 9.6 · AI score 8.1 · EPSS 0.0055
Exploits 1 · References 4

vulnersOsv
added 2025/04/17 6:31 p.m. · 3 views

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2024-55238 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.8)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2024-55238 Source advisory: SNYK:JAVA-ORGOPENMETADATA-9833967...

CVSS 8.8 · AI score 5.8 · EPSS 0.00181
Exploits 1

CNNVD
added 2025/01/16 12:0 a.m. · 1 views

WordPress plugin Passwords Manager SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 7.5 · AI score 8.8 · EPSS 0.00697
Exploits 0 · References 2

Positive Technologies
added 2025/01/07 12:0 a.m. · 5 views

PT-2025-4466 · Elex · Elex Woocommerce Advanced Bulk Edit Products

Name of the Vulnerable Software and Affected Versions: ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions 1.4.8 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, which occurs due to the improper...

CVSS 7.6 · AI score 9.7 · EPSS 0.04954
Exploits 1 · References 5

Positive Technologies
added 2024/05/02 12:0 a.m. · 3 views

PT-2024-26508 · WordPress · Wordpress Backup & Migration

Name of the Vulnerable Software and Affected Versions: WordPress Backup & Migration plugin versions up to, and including, 1.4.8 Description: The issue allows authenticated attackers with subscriber access or above to access log files maintained by the plugin due to a missing capability check on t...

CVSS 4.3 · AI score 6.8 · EPSS 0.00307
Exploits 0 · References 4

Positive Technologies
added 2023/12/21 12:0 a.m. · 2 views

PT-2023-31658 · Accredible · Accredible Certificates & Open Badges

Name of the Vulnerable Software and Affected Versions: Accredible Certificates & Open Badges versions 1.4.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

CVSS 5.9 · AI score 6 · EPSS 0.00105
Exploits 0 · References 5

Positive Technologies
added 2023/12/20 12:0 a.m. · 6 views

PT-2023-30379 · Avirtum · Avirtum Ipages Flipbook For Wordpress

Name of the Vulnerable Software and Affected Versions: Avirtum iPages Flipbook For WordPress versions 1.4.8 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential...

CVSS 7.6 · AI score 5.4 · EPSS 0.0014
Exploits 0 · References 6

CNNVD
added 2023/01/02 12:0 a.m. · 2 views

WordPress plugin Login with Cognito cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 4.8 · AI score 7 · EPSS 0.00418
Exploits 2 · References 3

Positive Technologies
added 2023/01/02 12:0 a.m. · 3 views

PT-2023-14060 · WordPress · Login With Cognito

Name of the Vulnerable Software and Affected Versions: Login with Cognito WordPress plugin versions 1.4.8 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

CVSS 4.8 · AI score 8.1 · EPSS 0.00418
Exploits 2 · References 6

OSV
added 2019/01/22 12:0 p.m. · 1 views

UBUNTU-CVE-2019-3462

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine...

CVSS 8.1 · AI score 7.5 · EPSS 0.12679
Exploits 0 · References 4