CVE-2026-41501

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux function appends attacker-controlled remote version strings directly into an...

CVE-2026-6287 ShopLentor - WooCommerce Builder for Elementor & Gutenberg <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Product Grid 'blockUniqId' Block Attribute

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escapin...

WordPress plugin ShopLentor - WooCommerce Builder for Elementor & Gutenberg 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

EUVD-2025-204050

Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through = 3.3.8...

WordPress WP Webhooks plugin <= 3.3.8 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Webhooks versions = 3.3.8...

WordPress Academy LMS Pro plugin <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script' vulnerability

Unauthenticated Sensitive Information Exposure via 'enqueuesocialloginscript' vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin Academy LMS Pro versions = 3.3.8...

Linux Distros Unpatched Vulnerability : CVE-2018-14631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provide...

CVE-2023-37867

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8...

Apache CXF Cross-Site Scripting Vulnerability (CNVD-2020-66585)

Apache CXF is the United States Apache Apache Software Foundation of an open source Web services framework. The framework supports a variety of Web services standards , a variety of front-end programming APIs. A cross-site scripting vulnerability exists in Apache CXF version 3.4.1 and all version...