EUVD-2026-25282

Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...

PT-2026-34728

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.9 Mastodon versions prior to 4.4.16 Mastodon versions prior to 4.3.22 Description Mastodon allows restricting new user sign-up based on e-mail domain names and performs basic validation on e-mail addresses, but i...

Mastodon 安全漏洞

Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to 4.5.9, 4.4.16, and 4.3.22 contained security vulnerabilities due to a lack of mechanisms to prevent certain email servers from interpreting characters differently...

Pac4J JWT < 4.5.9 / 5.x < 5.7.9 / 6.x < 6.3.3 Authentication Bypass (CVE-2026-29000) (Direct Check)

Binary data pac4jjwtauthenticationbypasscve-2026-29000.nbin...

Vulnerability fixed in pac4j-jwt

Pac4j has fixed a vulnerability in the pac4j-jwt library specifically for versions before 4.5.9, 5.7.9 and 6.3.3. The vulnerability is located in the JwtAuthenticator module of the pac4j-jwt library. This vulnerability allows an attacker with access to the server's RSA public key to forge JWT...

Allocation of Resources Without Limits or Throttling

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the mimetex process. An attacker can exhaust server resources and cause service disruption by submitting specially crafted TeX formulas...

WordPress EventON plugin < 4.5.9 - Unauthenticated Virtual Event Settings Update vulnerability

Unauthenticated Virtual Event Settings Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.9...

EUVD-2025-38025

Improper Control of Generation of Code 'Code Injection' vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Code Injection.This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through = 4.5.9...

CVE-2025-47588 WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.9 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Code Injection.This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through = 4.5.9...

WordPress plugin Dynamic Pricing With Discount Rules for WooCommerce 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...

CVE-2013-4621

Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities...

CVE-2024-8391

A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service. Mitigation Mitigation for this issue is either not available or the currently...

CVE-2024-8391

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

PT-2024-38985 · Eclipse · Eclipse Vert.X

Name of the Vulnerable Software and Affected Versions: Eclipse Vert.x versions 4.3.0 through 4.5.9 Description: The gRPC server in Eclipse Vert.x does not limit the maximum length of message payload, which can lead to potential issues. This issue does not affect the Vert.x gRPC server based on...

PT-2024-27896 · WordPress · The Essential Blocks – Page Builder Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 4.5.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's "Social Icons" block due to...

CVE-2022-33869

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

PowerDNS Recursor DoS Vulnerability (2022-02)

PowerDNS Recursor is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Input validation

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service daemon crash via a DNS query that leads to an answer with specific properties...

PowerDNS Recursor 安全漏洞

PowerDNS Recursor pdnsrecursor is a domain name resolution server from the Dutch company PowerDNS. A security vulnerability exists in PowerDNS Recursor versions 4.5.9, 4.6.2, and 4.7.1 and earlier, which stems from improper cleanup when throwing exceptions when protobuf logging is enabled, leadin...