33 matches found
EUVD-2026-37603
Unauthenticated Cross Site Scripting (XSS) in collectchat = 2.4.9 versions...
EUVD-2026-29755
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
CVE-2026-4758
The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-lev...
EUVD-2026-11047
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this...
PT-2026-24560
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures an...
EUVD-2026-2495
In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinity on ASP chip. The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. When trying to reprogram the affinity it will crash with a HPMC as the relevant registers...
EUVD-2026-2492
In the Linux kernel, the following vulnerability has been resolved: via_wdt: fix critical boot hang due to unnamed resource allocation. The VIA watchdog driver uses allocate_resource to reserve a MMIO region for the watchdog control register. However, the allocated resource was not given a name, whi...
CVE-2026-22490 WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through <= 2.4.9...
CVE-2026-22490
CVE-2026-22490 affects Bulk Landing Page Generator for WordPress LPagery (LPagery) with a Missing Authorization flaw up to version 2.4.9. Wordfence notes this as LPagery
CVE-2022-4940
creationtimestamp | type | source
---|---|---
2026-01-04 21:02:59+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mbmt47va2r2h...
WordPress Free Shipping Bar: Amount Left for Free Shipping for WooCommerce plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Free Shipping Bar: Amount Left for Free Shipping for WooCommerce versions <= 2.4.9...
EUVD-2025-200243
Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.9...
CVE-2025-13295
CVE-2025-13295 affects Argus Technology Inc. BILGER prior to version 2.4.9. The issue is described as an Insertion of Sensitive Information Into Sent Data vulnerability, enabling a potential attack related to selecting a Message Identifier. The vulnerability is rated CVSS 3.1: 7.5 (HIGH) with a ...
PT-2025-48681
Name of the Vulnerable Software and Affected Versions: Argus Technology Inc. BILGER versions prior to 2.4.9 Description: A flaw exists in Argus Technology Inc. BILGER that allows for the insertion of sensitive information into sent data through the manipulation of message identifiers. The issue...
EUVD-2025-27277
Malicious code in bioql PyPI...
PT-2025-35344
Name of the Vulnerable Software and Affected Versions: Ocean Extra plugin for WordPress versions through 2.4.9 Description: The Ocean Extra plugin for WordPress is susceptible to Stored Cross-Site Scripting via the oceanwp library shortcode due to insufficient input sanitization and output escapi...
Linux Distros Unpatched Vulnerability : CVE-2021-32786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users...
PT-2025-32863 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.9-alpha1 through 2.4.4-p14 and earlier Description: Adobe Commerce is affected by an improper input validation issue that could lead to a denial-of-service (DoS). An attacker could exploit this issue by providing...
CVE-2023-30948
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover its conten...
CVE-2022-49866 net: wwan: mhi: fix memory leak in mhi_mbim_dellink
In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: fix memory leak in mhi_mbim_dellink. MHI driver registers network device without setting the needs_free_netdev flag, and does NOT call free_netdev when unregisters network device, which causes a memory leak. This patch...