Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin
On April 22nd, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Breeze Cache, a WordPress plugin with an estimated 400,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP backdoors, and...
CVE-2025-69318
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hossni Mubarak JobWP jobwp allows Stored XSS. This issue affects JobWP: from n/a through <= 2.4.5...
WordPress JobWP plugin <= 2.4.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Plugin JobWP (versions <= 2.4.5)...
CVE-2025-65091 XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page including guest users can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been...
CVE-2023-45806
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...
binutils: GNU Binutils Linker heap-based overflow
A heap-based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...
EUVD-2025-202104
Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Animation Addons for Elementor: from n/a through <= 2.4.5...
EUVD-2025-202301
Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking. This issue affects Telemost: before 2.245...
CVE-2025-67540
Technical details for CVE-2025-67540 are not provided in the given documents. No product/version/impact/fix details are available here; monitor for updates.
JLSEC-2025-55 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString...
JLSEC-2025-56 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames...
WordPress plugin Wilmer Core cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
EulerOS 2.0 SP11 : binutils (EulerOS-SA-2025-1947)
According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function displayinf...
ALPINE-CVE-2025-5244
A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elfgcsweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed...
CVE-2024-6846
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...
CVE-2024-54514
The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox...
CVE-2022-4527
A vulnerability was found in collective.task up to 3.0.8. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotel...
CVE-2022-45969
Alist v3.4.0 is vulnerable to Directory Traversal,...
CVE-2022-45748
creationtimestamp | type | source
---|---|---
2025-04-03 15:34:57+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10246...
WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by l8BL (Patchstack Alliance) in WordPress Plugin Easy Booked – Appointment Booking and Scheduling Management System for WordPress (versions <= 2.4.5)...