
11 matches found

OSV
added 2026/04/01 9:37 a.m. · 3 views

CLEANSTART-2026-GU55430 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-9h8m-3fm2-qjrq, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.9.4-r0, 1.9.4-r1, 1.9.4-r2, 1.9.4-r3

Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.1 · AI score 6.9 · EPSS 0.00046
Exploits: 4 · References: 33

Positive Technologies
added 2025/08/18 12:0 a.m. · 5 views

PT-2025-33691 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.9.3 through 1.9.4 Description: OpenFGA is an authorization/permission engine. Versions 1.9.3 through 1.9.4 are susceptible to improper policy enforcement during specific Check and ListObject calls. Recommendations: Upgrade ...

CVSS 5.8 · AI score 7.2 · EPSS 0.00114
Exploits: 0 · References: 10

NVD
added 2024/11/18 8:15 p.m. · 23 views

CVE-2024-48917

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...

CVSS 7.5 · EPSS 0.00173
Exploits: 1 · References: 3

Vulnrichment
added 2024/11/18 5:3 p.m. · 30 views

CVE-2024-47873 PhpSpreadsheet XmlScanner bypass leads to XXE

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

CVSS 7.5 · AI score 7.2 · EPSS 0.00173
Exploits: 1 · References: 4

Positive Technologies
added 2024/08/29 12:0 a.m. · 3 views

PT-2024-30781 · Jegstudio · Jegstudio Gutenverse

Name of the Vulnerable Software and Affected Versions: Jegstudio Gutenverse versions 1.9.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means that an attacker can...

CVSS 6.5 · AI score 6 · EPSS 0.00287
Exploits: 0 · References: 8

Positive Technologies
added 2024/08/29 12:0 a.m. · 6 views

PT-2024-30778 · Unknown · Wbw Product Table Pro

Name of the Vulnerable Software and Affected Versions: WBW Product Table PRO versions 1.9.4 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...

CVSS 10 · AI score 7.7 · EPSS 0.4894
Exploits: 1 · References: 12

Patchstack
added 2024/07/19 12:57 p.m. · 3 views

WordPress Arconix FAQ plugin <= 1.9.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Arconix FAQ versions <= 1.9.4...

CVSS 5.3 · AI score 7 · EPSS 0.00176
Exploits: 0 · Affected Software: 1

CNNVD
added 2023/04/24 12:0 a.m. · 0 views

WordPress Plugin M Chart cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5 · AI score 5.4 · EPSS 0.00181
Exploits: 0 · References: 2

Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2023-14568 · WordPress · Wp-Table Reloaded

Name of the Vulnerable Software and Affected Versions: WP-Table Reloaded WordPress plugin versions 1.9.4 and earlier Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as...

CVSS 5.4 · AI score 5.3 · EPSS 0.00198
Exploits: 2 · References: 5

ATTACKERKB
added 2022/03/10 5:47 p.m. · 2 views

CVE-2022-25244

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...

CVSS 6.5 · AI score 6.6 · EPSS 0.00269
Exploits: 0 · References: 3

CNVD
added 2019/11/13 12:0 a.m. · 2 views

WordPress safe-svg denial of service vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. safe-svg is an SVG Scalable Vector Graphics upload plugin used in it. A denial of service vulnerability exists in WordPress safe-svg...

CVSS 7.5 · AI score 6.7 · EPSS 0.00629
Exploits: 0 · References: 1