EUVD-2026-25580
@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static JS/CSS resource from the Astro path with an incorrect/malformed if-match header returns a 500 error with a one-year cache lifetime instead of 412 in some cases. This has the effect that all...
EUVD-2007-5897
Malware in sbrugna...
CVE-2024-47120
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges...
CVE-2024-45671 IBM Security Verify Information Queue information disclosure
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-45671
IBM Security Verify Information Queue (ISIQ) versions 10.0.5–10.0.8 use weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The available connected sources confirm this vulnerability exists in ISIQ and note remediation is to upgrade to the latest ...
IBM Security Verify Information Queue Cryptographic Issue Vulnerability
IBM Security Verify Information Queue is an integration product from International Business Machines (IBM) that uses Kafka technology and a publish/subscribe model to integrate data between IBM Security products. A cryptographic issue vulnerability exists in IBM Security Verify Information Que...
Linux Distros Unpatched Vulnerability : CVE-2022-41941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may...
CVE-2025-54044
CVE-2025-54044 is a reflected XSS vulnerability in WordPress Elite Video Player
Malicious code in testing123kk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bebd39f4de86af5e9634fbfda5f8c97794b597b1066c2fcd32e3a2068569280d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2025-30986
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMedia Elite Video Player elite-video-player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through <= 10.0.5...
CVE-2025-30986 WordPress Elite Video Player plugin <= 10.0.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMedia Elite Video Player elite-video-player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through <= 10.0.5...
WordPress plugin Elite Video Player Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2023-22722
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploitation, the attacker can perform actions as the...
OESA-2025-1416 trafficserver security update
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0...
DEBIAN-CVE-2024-53868
Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue...
PT-2024-35457 · Vue-I18N · Vue-I18N
Name of the Vulnerable Software and Affected Versions: vue-i18n versions prior to 9.14.2; vue-i18n versions prior to 10.0.5. Description: The issue concerns a Cross-site Scripting (XSS) attack possibility in vue-i18n, an internationalization plugin for Vue.js. This occurs when locale message ASTs are...
Jetty WEB-INF File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jetty WEB-INF File Disclosure', 'Description' = %q Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-37532)
Summary: IBM WebSphere Application Server (WAS) is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes sectio...
GHSA-RPJ9-XJWM-WR6W Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
Impact: Stored cross-site scripting (XSS) enables attackers to inject malicious code into the Print Functionality. Patches: 12.1.4, 10.0.5. References: https://docs.umbraco.com/umbraco-commerce/release-notesid-13.0.0-december-13th-2023...