CVE-2026-6169 affiliate-toolkit <= 3.8.5 - Authenticated (Editor+) Remote Code Execution

The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...

EUVD-2026-26453

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version...

UBUNTU-CVE-2026-24308

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

CVE-2026-25384

Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through = 3.8.5...

CVE-2026-25384 WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through = 3.8.5...

CVE-2026-25384 WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through = 3.8.5...

PT-2026-23853

Name of the Vulnerable Software and Affected Versions Apache ZooKeeper versions 3.8.5 and 3.9.4 Description An issue exists in Apache ZooKeeper where improper handling of configuration values in ZKConfig can lead to the exposure of sensitive information. Specifically, client configuration data...

CVE-2025-49915

The CVE-2025-49915 entry describes an SQL Injection vulnerability in the Cozy Vision SMS Alert Order Notifications (WordPress SMS Alert Order Notifications) plugin for WordPress. Affected component: the sms-alert functionality within the plugin, with versions up to and including 3.8.5. Root cause...

EUVD-2025-18119

Malicious code in bioql PyPI...

EUVD-2025-17489

Malicious code in bioql PyPI...

ClipShare 代码问题漏洞

ClipShare is a cross-device shared clipboard by Thevindu Wijesekera Individual Developer. A code issue vulnerability exists in ClipShare versions prior to 3.8.5, which stems from a DLL being loaded in the wrong order, and may result in local elevation of privilege...

CVE-2023-36514

Cross-Site Request Forgery CSRF vulnerability in WooCommerce Shipping Multiple Addresses plugin = 3.8.5 versions...

Amaze File Manager 安全漏洞

Amaze File Manager is an open source file manager from Amaze. A security vulnerability exists in Amaze File Manager version v.3.8.5, which originates from a vulnerability that allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java...

Rebuild 代码注入漏洞

Rebuild is a highly customizable enterprise management system. A code injection vulnerability exists in Rebuild version 3.8.5, which stems from a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code...

EPARK Kura Sushi Official App 安全漏洞

EPARK Kura Sushi Official App is a sushi purchasing and reservation storefront application from EPARK, Inc. A security vulnerability exists in the EPARK Kura Sushi Official App version prior to 3.8.5, which stems from an issue with the use of hard-coded encryption keys, where a local attacker may...

aiohttp < 3.8.5 HTTP Request Smuggling Vulnerability - Windows

aiohttp is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

aiohttp < 3.8.5 HTTP Request Smuggling Vulnerability - Linux

aiohttp is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2024-2791

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-22126 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.8.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output...

Slackware Linux 15.0 / current postfix Vulnerability (SSA:2024-022-01)

The version of postfix installed on the remote host is prior to 3.6.14 / 3.8.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-022-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...