95 matches found
CVE-2025-53209
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
CVE-2025-53209
Masteriyo LMS PRO (WordPress)
EUVD-2025-210035
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
GHSA-2VX9-7WPG-88JQ n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions
Impact The ExecuteWorkflow node's localFile source option read workflow files from disk without applying checks enforced by other file-reading nodes. An authenticated user with permission to create or modify workflows could supply an arbitrary file path via the REST API, bypassing the...
log4j-2.20.0-2.1 on GA media (moderate)
log4j-2.20.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10544-1 Rating: moderate Cross-References: CVE-2026-34477 CVE-2026-34479 CVE-2026-34480 CVE-2026-34481 CVSS scores: CVE-2026-34477 SUSE : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2026-34479 SUSE : 5.3...
OPENSUSE-SU-2026:10476-1 python311-Pygments-2.20.0-2.1 on GA media
These are all security issues fixed in the python311-Pygments-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10263-1 heroic-games-launcher-2.20.0-2.1 on GA media
These are all security issues fixed in the heroic-games-launcher-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10236-1 heroic-games-launcher-2.20.0-1.1 on GA media
These are all security issues fixed in the heroic-games-launcher-2.20.0-1.1 package on the GA media of openSUSE Tumbleweed...
Permissive Cross-domain Policy with Untrusted Domains
Overview: litestar is a production-ready, highly performant, extensible ASGI API framework. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via CORSConfig.allowed_origins_regex, which uses a regex built from configured allowli...
Incorrect Regular Expression
Overview: litestar is a production-ready, highly performant, extensible ASGI API framework. Affected versions of this package are vulnerable to Incorrect Regular Expression via the allowed_hosts host validation. An attacker can gain unauthorized access by supplying a specially crafted...
CVE-2026-25479 Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). This enables a bypass...
CVE-2026-25479
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). This enables a bypass...
CVE-2026-25478 Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...
CVE-2023-49550
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component...
OPENSUSE-SU-2026:10009-1 log4j-2.20.0-1.1 on GA media
These are all security issues fixed in the log4j-2.20.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-52736 WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Finale Lite (finale-woocommerce-sales-countdown-timer-discount) allows Reflected XSS. This issue affects Finale Lite: from n/a through <= 2.20.0...
EUVD-2018-0555
Malware in sbrugna...