29 matches found
EUVD-2025-28366
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-43859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU tim...
CVE-2025-54381
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...
WordPress plugin Pie Forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16991 · WordPress · The Drag & Drop Builder
Name of the Vulnerable Software and Affected Versions: The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress versions up to, and including, 1.4.19 Description: The issue is related to Reflected Cross-Site Scriptin...
WordPress Drag & Drop Builder plugin <= 1.4.19 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Drag & Drop Builder versions <= 1.4.19...
CVE-2024-50447
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS. This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.19...
WordPress plugin Elementor Templates & Widgets for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2024-34222 · Envo · Elementor Templates & Widgets For Woocommerce
Name of the Vulnerable Software and Affected Versions: Envo's Elementor Templates & Widgets for WooCommerce versions 1.4.19 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored...
WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Envo's Elementor Templates & Widgets for WooCommerce versions <= 1.4.19...
WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.19 is vulnerable to Cross Site Scripting (XSS)
Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions <= 1.4.19 Fixed in 1.4.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50447 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 28c4d14cb691 Credits...
GHSA-6GR4-52W6-VMQX rke's credentials are stored in the RKE1 Cluster state ConfigMap
Impact When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data: -...
PrestaShop SQL injection vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop eotags version prior to 1.4.19, which stems from the presence ...
PT-2023-21214 · Prestashop · Eo Tags
Name of the Vulnerable Software and Affected Versions: eo tags package versions prior to 1.4.19 for PrestaShop Description: The issue allows SQL injection via a crafted ga cookie. This enables potential attackers to inject malicious SQL code, potentially leading to unauthorized access or...
SUSE CVE-2021-43859
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...
xstream: Injecting highly recursive collections or maps can cause a DoS
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...
OESA-2022-1512 xstream security update
Java XML serialization library. Security Fixes: XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload...
WordPress 10Web Social Photo Feed plugin <= 1.4.18 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze and Thura Moe Myint in WordPress 10Web Social Photo Feed plugin versions <= 1.4.18. Solution Update the WordPress 10Web Social Photo Feed plugin to the latest available version at least 1.4.19...
lighttpd 1.4.19 mod_userdir case-sensitive comparison leads to code disclosure vulnerability
No description provided by source...
lighttpd 1.4.19 duplicate header request leads to denial-of-service vulnerability
No description provided by source...