58 matches found
XXE (XML External Entity Injection) Tika Dependency Vulnerability in Crucible Server and Fisheye Server
This Crucible Server and Fisheye Server release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the...
PT-2025-41664
Name of the Vulnerable Software and Affected Versions: WP Links Page plugin for WordPress versions prior to 4.9.7 Description: The WP Links Page plugin for WordPress is susceptible to SQL Injection through the id parameter. Insufficient input sanitization and inadequate SQL query preparation allow...
EUVD-2013-4178
Malware in sbrugna...
EUVD-2021-33944
Malicious code in bioql PyPI...
EUVD-2025-24741
Malicious code in bioql PyPI...
CVE-2025-58362
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...
CVE-2025-58362
Hono web framework (versions 4.8.0–4.9.5) contains a flaw in the getPath utility (parsing in utils/url.ts) that can cause path confusion when handling certain malformed absolute-form Request-URIs, potentially bypassing proxy-level ACLs (e.g., Nginx location blocks). The root cause is reliance on ...
CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...
Use of Incorrectly-Resolved Name or Reference
Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the getPath function in the utils/url.ts file. An attacker can gain unauthorized access to protected endpoints by sending specially craft...
PT-2025-36105
Name of the Vulnerable Software and Affected Versions: Hono versions 4.8.0 through 4.9.5 Description: Hono is a Web application framework that provides support for any JavaScript runtime. A flaw exists in the getPath utility function that could allow path confusion and potential bypass of...
CVE-2025-30998
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection. This issue affects WP Links Page: from n/a through <= 4.9.6...
CVE-2025-30998 WordPress WP Links Page plugin <= 4.9.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection. This issue affects WP Links Page: from n/a through <= 4.9.6...
CVE-2025-30998
CVE-2025-30998 affects WordPress WP Links Page (versions up to 4.9.6). Root cause: improper neutralization of special elements in SQL commands, enabling SQL injection. Impact per available data: potential high confidentiality impact and low availability impact (CVSS 3.1 base 8.5). Public document...
PT-2025-33163 · WordPress · Wp Links Page
Name of the Vulnerable Software and Affected Versions: WP Links Page versions through 4.9.6 Description: The software contains an improper neutralization of special elements used in an SQL command, which allows for SQL injection. Recommendations: Update WP Links Page to a version later than 4.9.6...
WordPress plugin WP Links Page SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP Links...
CVE-2025-3527
The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-3527
The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-3527
CVE-2025-3527 concerns the EventON Pro WordPress plugin (WordPress Virtual Event Calendar Plugin) up to version 4.9.6. The issue is a missing capability check in assets/lib/settings/settings.js that allows authenticated attackers with Subscriber-level access and above to inject arbitrary web scri...
RHSA-2021:4118 Red Hat Security Advisory: OpenShift Container Platform 4.9.6 packages and security update
Bulletin has no description...
CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...