CLEANSTART-2026-KJ56465 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 5.4.8-r0

Multiple security vulnerabilities affect the neuvector-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-0999

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

CVE-2026-24872 Pointer arithmetic error in SkyFire_548

improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the lack of enforced TLS verification in the login authentication. An attacker can intercept sensitive information or manipulate authentication data by performing a man-in-the-middle attack. Note:...

CVE-2025-59689

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For...

WordPress plugin Woffice security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-27581

Name of the Vulnerable Software and Affected Versions Woffice Core versions through 5.4.8 Description A Cross Site Scripting XSS vulnerability in WofficeIO Woffice Core allows Reflected XSS. Recommendations For versions through 5.4.8, update to a version later than 5.4.8 to resolve the issue. At...

WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Woffice versions = 5.4.8...

VulnCheck KEV: CVE-2024-37472

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through = 5.4.8...

CVE-2023-32241

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin = 5.4.8 versions...

CVE-2023-2894

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...

CVE-2023-2893

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

PT-2023-22040 · WordPress · Wp Easycart

Name of the Vulnerable Software and Affected Versions: WP EasyCart plugin for WordPress versions up to, and including, 5.4.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the process deactivate product function. This allows...