23 matches found
5etools-utils (>=0.15.4 <=0.16.5), @0xx0lostcause0xx0/ncc-manager (>=0.1.0 <=0.7.0) +3268 more potentially affected by CVE-2026-44990 via sanitize-html (>=2.10.0 <=2.17.3)
sanitize-html NPM version =2.10.0, =0.15.4, =0.1.0, =1.0.0, =0.0.74, =0.0.14, =0.0.1, =3.0.19, =1.3.0, =2.6.0, =2.0.0, =0.0.1, =0.0.5, =1.0.0, =1.2.364, =2.0.13 and more Source cves: CVE-2026-44990 Source advisory: SNYK:JS-SANITIZEHTML-16697325...
PT-2026-33032
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. Non-constant time comparisons risk private key leakage in FrodoKEM. This issue affects BC-JAVA: from 2.17.3 before 1.84...
SUSE CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing
React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
CVE-2026-21884 React Router SSR XSS in ScrollRestoration
React Router is a router for React. In @remix-run/react versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, an XSS vulnerability exists in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...
Cross-site Request Forgery (CSRF)
Overview: @remix-run/server-runtime is a server runtime for Remix. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthoriz...
keda security vulnerability
keda is open-source Kubernetes scaling software from KEDA. A security vulnerability exists in keda versions prior to 2.17.3 and prior to 2.18.3, which stems from insufficient path validation in TriggerAuthentication and could lead to arbitrary file reads...
PT-2025-52724
Name of the Vulnerable Software and Affected Versions: KEDA versions prior to 2.17.3; KEDA versions prior to 2.18.3. Description: KEDA is a Kubernetes-based Event Driven Autoscaling component. A flaw exists in KEDA that could allow an attacker with permissions to create or modify a...
AZL-71632 CVE-2025-65637 affecting package moby-compose for versions less than 2.17.3-13
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
CVE-2025-47913 affecting package moby-compose for versions less than 2.17.3-12
CVE-2025-47913 affecting package moby-compose for versions less than 2.17.3-12. A patched version of the package is available...
PT-2024-17481 · Bit Form · The Contact Form By Bit Form
Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions up to, and including, 2.17.3 Description: The issue is related to unauthorized access of data due to a missing capability check on the "bitform-form-entry-edit" endpoint. This allows authenticated attacke...
WordPress plugin Bit Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
AZL-53804 CVE-2024-36623 affecting package moby-compose for versions less than 2.17.3-8
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...
CVE-2023-45142 affecting package moby-compose for versions less than 2.17.3-7
CVE-2023-45142 affecting package moby-compose for versions less than 2.17.3-7. A patched version of the package is available...
OPENSUSE-SU-2024:12876-1 docker-compose-2.17.3-1.1 on GA media
These are all security issues fixed in the docker-compose-2.17.3-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2023-45288 affecting package moby-compose for versions less than 2.17.3-3
CVE-2023-45288 affecting package moby-compose for versions less than 2.17.3-3. A patched version of the package is available...
YugabyteDB security vulnerability
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte, Inc. A security vulnerability exists in YugabyteDB Anywhere versions 2.0.0 through 2.17.3, which stems from the controller responsible for setting the logging level does not includ...
CVE-2022-0252
The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting...
Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool
The plugin does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting. var form1 = document.getElementById('hack'); form1.submit();...
[SECURITY] Fedora 34 Update: botan2-2.17.3-4.fc34
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...