CVE-2025-54074

CVE-2025-54074 affects Cherry Studio desktop client, versions 1.2.5–1.5.1, which are vulnerable to OS command injection when connecting to a malicious MCP server over HTTP Streamable mode. The underlying issue arises during the OAuth-enabled connection process, allowing an attacker-controlled MCP...

WordPress Themify – WooCommerce Product Filter Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Themify – WooCommerce Product Filter Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.5.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44046 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b38cdc945b73 Credits bugcraftx Require...