CVE-2025-31413 WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

PT-2026-3959

Name of the Vulnerable Software and Affected Versions Element Pack Elementor Addons versions through 8.3.13 Description A Cross-Site Request Forgery CSRF issue exists in Element Pack Elementor Addons. This allows attackers to perform actions on behalf of authenticated users. Recommendations Updat...

WordPress plugin bdthemes-element-pack-lite has a cross-site request forgeing vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

SUSE SLES15 Security Update : kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:0176-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0176-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.176 fixes various security issues The following security issues were fixed: ...

CVE-2021-47868

CVE-2021-47868 affects WIN-PACK PRO 4.8. The WPCommandFileService has an unquoted service path vulnerability that could allow a local attacker to execute code with LocalSystem privileges by exploiting the unquoted path in the service executable (C:\Program Files (x86)\WINPAKPRO\WPCommandFileServi...

CVE-2021-47867

The CVE-2021-47867 entry applies to WIN-PACK PRO 4.8, affecting the ScheduleService through an unquoted service path vulnerability. The unquoted path “C:\Program Files \WINPAKPRO\ScheduleService Service.exe” can allow a local attacker to inject code that executes with elevated privileges during s...

CVE-2021-47867 WIN-PACK PRO 4.8 - 'ScheduleService' Unquoted Service Path

WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files \WINPAKPRO\ScheduleService Service.exe' to inject malicious code...

CVE-2021-47867 WIN-PACK PRO 4.8 - 'ScheduleService' Unquoted Service Path

WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files \WINPAKPRO\ScheduleService Service.exe' to inject malicious code...

CVE-2021-47868

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files \WINPAKPRO\WPCommandFileService Service.exe to inject malicious co...

CVE-2021-47868 WIN-PACK PRO 4.8 - 'WPCommandFileService' Unquoted Service Path

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files \WINPAKPRO\WPCommandFileService Service.exe to inject malicious co...

CVE-2021-47866 WIN-PACK PRO 4.8 - 'GuardTourService' Unquoted Service Path

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files \WINPAKPRO\WP GuardTour Service.exe to inject malicious code th...

Security Bulletin: Due to IBM Tivoli Monitoring, IBM Cloud Pak System is affected by vulnerability [CVE-2024-40725]

Summary Due to IBM Tivoli Monitoring, IBM Cloud Pak System is affected by vulnerability. Vulnerability Details CVEID:CVE-2024-40725 DESCRIPTION: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers...

OSV-2026-97 Heap-buffer-overflow in vpx_wb_write_literal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476466137 Crash type: Heap-buffer-overflow WRITE 1 Crash state: vpxwbwriteliteral vp9packbitstream encodeframetodatarate...

PT-2026-3820

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:Program Files WINPAKPROWPCommandFileService Service.exe to inject malicious code...

Honeywell WIN-PACK PRO code issue vulnerability

Honeywell WIN-PACK PRO is a security management platform software developed by the American company Honeywell. Version 4.8 of Honeywell WIN-PACK PRO contains a code vulnerability. This vulnerability stems from the WPCommandFileService having a service path without quotes, which may allow local...

Honeywell WIN-PACK PRO code issue vulnerability

Honeywell WIN-PACK PRO is a security management platform software developed by the American company Honeywell. Version 4.8 of Honeywell WIN-PACK PRO contains a code vulnerability. This vulnerability stems from the GuardTourService having service paths that are not enclosed in quotes, which may...

Honeywell WIN-PACK PRO code issue vulnerability

Honeywell WIN-PACK PRO is a security management platform software developed by the American company Honeywell. Version 4.8 of Honeywell WIN-PACK PRO contains a code vulnerability. This vulnerability stems from the ScheduleService component, which uses service paths without quotes, potentially...

org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-23950 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)

org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-23950 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15038582...

Holmes: An Evidence-Grounded LLM Agent for Auditable DDoS Investigation in Cloud Networks

Cloud environments face frequent DDoS threats due to centralized resources and broad attack surfaces. Modern cloud-native DDoS attacks further evolve rapidly and often blend multi-vector strategies, creating an operational dilemma: defenders need wire-speed monitoring while also requiring...

SUSE SLES12 Security Update : kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:0155-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0155-1 advisory. This update for the SUSE Linux Enterprise kernel 4.12.14-122.272 fixes various security issues The following security issues were fixed: -...