RHSA-2026:12194 Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.2 release and security update

Bulletin has no description...

Inefficient Algorithmic Complexity

Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containi...

EUVD-2006-4714

Malware in sbrugna...

EUVD-2024-49212

Malicious code in bioql PyPI...

EUVD-2023-2807

Malicious code in bioql PyPI...

CVE-2025-8451

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. Thi...

CVE-2025-8451

CVE-2025-8451 — The WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets (Essential Addons for Elementor Lite) is vulnerable to a DOM-based Stored XSS via the data-gallery-items parameter in all versions up to and including 6.2.2. The issue arises from insuffici...

WordPress plugin Essential Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Essential Addons for Elementor plugin <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 6.2.2...

CVE-2023-5452

Cross-site Scripting XSS - Stored in GitHub repository snipe/snipe-it prior to v6.2.2...

CVE-2025-1287

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown, Syntax Highlighter, and Page Scroll widgets in all versions up to, and including, 6.2.2 due to insufficient...

WordPress plugin The Plus Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-8481

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...

PT-2024-16401 · WordPress · Wp Travel Engine

Name of the Vulnerable Software and Affected Versions: The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress versions prior to 6.2.2 Description: The issue is related to a missing capability check on the wpte onboard save function callback function, allowing...

IBM Sterling Partner Engagement Manager 安全漏洞

IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines IBM. An information disclosure vulnerability exists in IBM Sterling Partner Engagement Manager version 6.2.2, which can be exploited by a local attacker to gain access to sensitive...

WinSCP Terrapin Vulnerability - Windows

WinSCP is prone to a Terrapin vulnerability SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:winscp:winscp"; ifdescription...

WordPress Plugin Enjoy Social Feed Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-15813 · WordPress · Enjoy Social Feed

Name of the Vulnerable Software and Affected Versions: Enjoy Social Feed plugin for WordPress versions through 6.2.2 Description: The issue concerns a lack of authorization in the database reset functionality of the plugin, allowing any authenticated user to reset the database. This means that ev...

PT-2023-20546 · Tibco Software · Tibco Hawk Distribution For Tibco Silver Fabric +3

Name of the Vulnerable Software and Affected Versions: TIBCO Hawk versions 6.2.2 and below TIBCO Hawk Distribution for TIBCO Silver Fabric versions 6.2.2 and below TIBCO Operational Intelligence Hawk RedTail versions 7.2.1 and below TIBCO Runtime Agent versions 5.12.2 and below Description: The...

IBM Sterling Partner Engagement Manager 访问控制错误漏洞

IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines IBM. An authentication error vulnerability exists in IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2.0, and 6.2.2, which stems from the program improperly authenticating a remo...