91 matches found
Deserialization of Untrusted Data
Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the resolveProxyClass function. An attacker...
CLEANSTART-2026-RX06063 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-3p65-76g6-3w7r, ghsa-6pjf-3r9x-m592, ghsa-78h2-9frx-2jm8, ghsa-9h8m-3fm2-qjrq, ghsa-f2g3-hh2r-cwgc, ghsa-hfvc-g4fc-pqhx, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-w8rr-5gcm-pp58 applied in versions: 2.1.13-r0, 2.1.13-r1, 2.1.13-r2
Multiple security vulnerabilities affect the zot package. These issues are resolved in later releases. See references for individual vulnerability details...
EUVD-2026-20992
Unhead has a hasDangerousProtocol bypass via leading-zero padded HTML entities in useHeadSafe...
Incomplete List of Disallowed Inputs
Overview unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the hasDangerousProtocol function though the usage of HtmlEntityHex and HtmlEntityDec RegExp. An attacker can inject malicious URIs into the...
CVE-2026-39315
Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in safely. Internally, the hasDangerousProtocol function in packages/unhead/src/plugins/safe.ts decodes HTML...
CVE-2026-39315 Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()
Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in safely. Internally, the hasDangerousProtocol function in packages/unhead/src/plugins/safe.ts decodes HTML...
unhead 安全漏洞
Unhead is a document header and template manager open source by UnJS. Versions of Unhead prior to 2.1.13 contained security vulnerabilities; these vulnerabilities stemmed from regular expression restrictions during the decoding of HTML entities, which could lead to cross-site scripting attacks...
CVE-2025-8350 Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS
Execution After Redirect EAR, Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted...
CVE-2025-8350 Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS
Execution After Redirect EAR, Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted...
WordPress IDonate plugin < 2.1.13 - Unauthenticated User Deletion vulnerability
Unauthenticated User Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin IDonate versions 2.1.13...
CVE-2025-11154
CVE-2025-11154 affects IDonate for WordPress, vulnerable in versions prior to 2.1.13 due to missing authorization and CSRF protection when deleting users via an action handler. This unauthenticated flow allows an attacker to delete arbitrary users. Reported across multiple sources (Wordfence, Pat...
WordPress plugin IDonate 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
EUVD-2021-23378
Malware in sbrugna...
EUVD-2021-1945
Malware in sbrugna...
EUVD-2021-23380
Malware in sbrugna...
EUVD-2019-9090
Malware in sbrugna...
EUVD-2005-4365
Malware in sbrugna...
EUVD-2021-23381
Malware in sbrugna...
EUVD-2021-23379
Malware in sbrugna...
EUVD-2024-34518
Malicious code in bioql PyPI...