EUVD-2026-20964

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by...

GHSA-XRW6-GWF8-VVR9 Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, an...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of messages from D-Bus peers. An attacker can exhaust system resources, cause application crashes, or spoof signals by sending messages with excessive Unix file...

Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, an...

PT-2026-31658

Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, an...

WordPress List Category Posts plugin <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode vulnerability

Authenticated Contributor+ SQL Injection via Plugin's Shortcode vulnerability discovered by Khanh Nguyen - BlueRock - BlueRock in WordPress Plugin List category posts versions = 0.91.0...

EUVD-2025-37418

The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...

CVE-2025-11377 List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure

The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...

CVE-2025-11377

The CVE-2025-11377 case is supported by multiple connected sources: WordPress List category posts plugin 0.92.0) or follow vendor advisories for fixes. Monitor for updates from CVE databases and the plugin maintainers to confirm remediation efficacy.

PT-2025-44703

Name of the Vulnerable Software and Affected Versions WordPress List category posts plugin versions prior to 0.92.0 Description The List category posts plugin for WordPress has an information exposure issue due to insufficient restrictions on posts included by the 'catlist' shortcode. This allows...

EUVD-2022-7099

Malicious code in bioql PyPI...

GHSA-PM73-X2H5-CMJ3 Apache StreamPipes Improper Privilege Management vulnerability

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

CVE-2023-31469

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

Cross site request forgery (csrf)

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

CVE-2023-31469 Apache StreamPipes: Privilege escalation through non-admin user

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

PT-2023-23347 · Apache · Apache Streampipes

Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions 0.69.0 through 0.91.0 Description: A REST interface in Apache StreamPipes was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond th...

GHSA-GRV6-M753-3W2G NocoDB vulnerable to Denial of Service

NocoDB prior to 0.92.0 allows actors to insert large characters into the input field New Project on the create field, which can cause a Denial of Service DoS via a crafted HTTP request. Version 0.92.0 fixes this issue...

CVE-2022-3423

Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0...

Design/Logic Flaw

Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0...

PT-2022-22086 · Nocodb · Nocodb

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.92.0 Description: The issue allows actors to cause a Denial of Service DoS by inserting large characters into the input field New Project on the create field via a crafted HTTP request. Recommendations: For versions...