15 matches found
CVE-2026-8931
Disig Web Signer is affected by a critical Remote Code Execution (RCE) vulnerability in versions 2.0.3 through 2.5.3. The available documents confirm the product, affected version range, and the high-impact nature (RCE) of the issue. No concrete root-cause details, exploitation method, or remedia...
CVE-2025-68604 WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...
CVE-2025-68604
WPGraphQL WordPress plugin
PT-2026-38354
Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...
CVE-2025-61786
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...
EUVD-2025-33179
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, CreateProcess always implicitly spawns cmd.exe if a batch file (.bat, .cmd, etc.) is being executed ev...
Linux Distros Unpatched Vulnerability : CVE-2025-54874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data...
WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin WP Performance Pack (versions <= 2.5.3)...
PT-2024-35228 · Unknown · Cyan Backup
Name of the Vulnerable Software and Affected Versions: CYAN Backup versions n/a through 2.5.3. Description: The issue is related to a Path Traversal vulnerability, specifically a '.../...//' vulnerability, which affects CYAN Backup. This allows for Path Traversal. Recommendations: For CYAN Backup...
WordPress plugin JobSearch security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-30791 · Eyecix · Eyecix Jobsearch
Name of the Vulnerable Software and Affected Versions: eyecix JobSearch versions n/a through 2.5.3. Description: A Cross-Site Request Forgery (CSRF) issue affects eyecix JobSearch, allowing an attacker to forge requests on a user's behalf. This can lead to unauthorized actions being performed withou...
WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin JobSearch (versions <= 2.5.3)...
PT-2024-27390 · Unknown · Kimili Flash Embed
Name of the Vulnerable Software and Affected Versions: Kimili Flash Embed versions 2.5.3 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For...
CVE-2022-23565
Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...
PT-2019-12512 · Synology · Note Station
Name of the Vulnerable Software and Affected Versions: Synology Note Station versions prior to 2.5.3-0863. Description: A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the object id parameter. Recommendations: For versions prior to 2.5.3-0863, update...