CVE-2026-25423

Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through = 4.19.1...

WordPress plugin Real 3D FlipBook 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Real 3D FlipBook plugin <= 4.16.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Real 3D FlipBook versions = 4.16.4...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001262)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001262 advisory. In the Linux kernel before 4.16.4, a double free vulnerability in the fmidisetalt function of drivers/usb/gadget/function/fmidi.c in the fmidi driver may allow...

EUVD-2025-28807

Malicious code in bioql PyPI...

CVE-2025-8878

CVE-2025-8878 affects the Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress for WordPress. Affected versions are all up to 4.16.4. Root cause: unauthenticated user-supplied input is not properly validated before executing do_shor...

CVE-2025-8878 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution

The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is due to the software allowing users to execute an...

PT-2025-33593 · WordPress · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress versions prior to 4.16.5 Description: The ProfilePress WordPress plugin is susceptible to arbitrary shortcode execution. The software does not properly validate a value before running do shortcode, allowing unauthenticated...

PT-2024-17416 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.16.4 Description: The issue is related to Stored Cross-Site Scripting via the profile picture upload functionality due to...

samba security update

4.16.4-103.0.1 - Fix memleak in nsswinbindinitgroupsdyn Orabug: 34994509 4.16.4-103 - related: rhbz2154372 - Add additional patches for CVE-2022-38023 4.16.4-102 - Fix CVE-2022-38023 - resolves: rhbz2154372...

DEBIAN-CVE-2022-45062

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper...

WordPress WordPress File Upload plugin <= 4.16.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered in WordPress WordPress File Upload plugin versions = 4.16.3. Solution Update the WordPress WordPress File Upload plugin to the latest available version at least 4.16.4...