37 matches found
minimatch Denial of Service
minimatch suffers from a regular expression denial of service vulnerability. Versions prior to 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 are affected...
EUVD-2026-8801
minimatch has ReDoS: matchOne combinatorial backtracking via multiple non-adjacent GLOBSTAR segments...
Inefficient Algorithmic Complexity
Overview: minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containi...
PT-2026-22079
Name of the Vulnerable Software and Affected Versions: minimatch versions prior to 10.2.3; minimatch versions prior to 9.0.7; minimatch versions prior to 8.0.6; minimatch versions prior to 7.4.8; minimatch versions prior to 6.2.2; minimatch versions prior to 5.1.8; minimatch versions prior to 4.2.5...
EUVD-2025-208093
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsearchrecipes' and 'ajaxgetrecipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin WP Recipe Maker Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
DoS (Denial of Service) in Confluence Data Center and Server
This High severity DoS (Denial of Service) vulnerability known as CVE-2022-25927 was introduced in versions 9.0 of Confluence Data Center and Server. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Improper Authorization org.springframework:spring-core Dependency in Confluence Data Center and Server
This High severity Improper Authorization vulnerability known as CVE-2025-41249 was introduced in versions 7.19 of Confluence Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an...
WordPress plugin WP Recipe Maker Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A cross-site...
EUVD-2003-0084
Malware in sbrugna...
EUVD-2025-24668
Malicious code in bioql PyPI...
WordPress Quiz And Survey Master Plugin < 10.2.3 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:expresstech:quizandsurveymaster"; if description...
CVE-2025-6790
The CVE concerns WordPress plugin Quiz and Survey Master (QSM) versions before 10.2.3. The root cause is lack of CSRF protection when updating plugin settings, which could allow a logged-in admin to have settings modified via CSRF. The vulnerability is identified across multiple sources with a CV...
CVE-2025-6790 QSM < 10.2.3 - Template Creation via CSRF
The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress PowerPress Podcasting Plugin <= 10.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: PowerPress Podcasting; Type: Plugin; Vulnerable versions: <= 10.2.3; Fixed in: 10.2.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 51009255116e; Credits: N/A; Required privilege...
CVE-2022-26155
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...
CVE-2022-26158
CVE-2022-26158 affects Cherwell Service Management (CSM) 10.2.3 web application, where a client-controlled Host header is reflected and can trigger a 302 redirect to an attacker-controlled page by injecting a malicious URL in Host. This creates an indirect navigation/redirect vulnerability. Affec...
CVE-2022-26156
CVE-2022-26156 affects Cherwell Service Management (CSM) web application, version 10.2.3. The issue is an injection of a malicious payload into the RelayState= parameter of the HTTP request body, causing form-action hijacking by altering the form submission URL to an attacker-controlled endpoint....
Cherwell Service Management Information Disclosure Vulnerability
Cherwell Service Management is flexible, feature-rich ITSM software that is easy to use, configure, and maintain. An information disclosure vulnerability exists in Cherwell Service Management that stems from the product not effectively protecting the ASP.NET_SessionId cookie. The vulnerability can...
Cherwell Service Management Cross-Site Scripting Vulnerability
Cherwell Service Management is a comprehensive service desk solution from Cherwell USA, validated against 11 ITIL® processes. Meet the changing and growing needs of your entire organization with less hassle and lower costs. A cross-site scripting vulnerability exists in Cherwell Service Managemen...