EUVD-2026-37131
Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...
MGASA-2026-0180 Updated packagekit packages fix security vulnerability
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root. CVE-2026-41651...
RLSA-2026:19354 Important: PackageKit security update
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fixes: PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 For more details abou...
EUVD-2026-27193
The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips attacker-supplied ZIP files...
SUSE-SU-2026:21427-1 Security update for PackageKit
This update for PackageKit fixes the following issues: - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220...
Important: PackageKit security update
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fixes: PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 For more details abou...
WordPress plugin Dreamer Blog security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2022-52203
Malicious code in bioql PyPI...
CVE-2025-1562
CVE-2025-1562 (FunnelKit Automations for WordPress,
Exploit for Missing Authorization in Stylemixthemes Motors - Car Dealer, Classifieds & Listing
CVE-2025-2807: Motors Plugin Exploit By: Nxploited | Khal...
CVE-2025-2807 Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvlsetupwizardinstallplugin function in all versions up to, and including, 1.4.64. This makes it possible for authenticated...
CVE-2025-30911
The CVE-2025-30911 vulnerability affects the WordPress plugin RomethemeKit For Elementor (versions
WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
Arbitrary Plugin Installation/Activation to RCE vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin RTMKit versions = 1.5.4...
CVE-2025-25101 WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7...
CVE-2025-25107 WordPress OneStore Sites plugin <= 0.1.1 - CSRF to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1...
Hunk Companion Plugin for WordPress < 1.9.0 Arbitrary Plugin Installation
The WordPress Hunk Companion Plugin installed on the remote host is affected by an improper access control vulnerability allowing a remote and unauthenticated attacker to install any plugin on the affected WordPress instance. Note that the scanner has not tested for these issues but has instead...
CVE-2024-54369
CVE-2024-54369 pertains to Zita Site Builder (WordPress) up to version 1.0.2, where Missing Authorization to Arbitrary Plugin Installation enables Accessing/Activating plugins without proper ACL checks. Connected Red Hat advisory and RH security notes describe the issue as a Missing Authorization...
CVE-2022-4950 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber...