49 matches found
EUVD-2025-209421
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
CVE-2025-31991
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
CVE-2025-31991
The CVE-2025-31991 entries describe a brute-force risk in HCL DevOps Velocity caused by improper enforcement of login rate limiting. Affected software is HCL DevOps Velocity (no specific build details provided beyond the fixed version). The root cause is insufficient restrictions on successive lo...
WordPress plugin Download Monitor security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Unity Linux 20.1070e Security Update: python-django (UTSA-2026-005917)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005917 advisory. An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are...
@aadarshjr/reweb-js (>=1.0.7 <=1.0.17), @acentswap/ace-core-trial (>=10.4.0 <=10.7.0) +891 more potentially affected by CVE-2026-27903 via minimatch (>=5.0.0 <=5.1.7)
minimatch NPM version =5.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.5.0, =10.4.0, =0.4.13, =2.3.0, =2.3.0, =2.2.1, =2.2.1, =2.2.2 - @aid-on/aidify =0.1.2 and more Source cves: CVE-2026-27903 Source advisory: SNYK:JS-MINIMATCH-15353389...
CVE-2025-31990
Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability ...
EUVD-2025-206899
Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability ...
CVE-2025-31990
The CVE-2025-31990 entry concerns HCL Velocity where rate limiting on certain API calls is not enforced, enabling Denial of Service (DoS) by attackers sending a high volume of requests. The Red Hat/NVD/CVE listings confirm the affected product is HCL Velocity and that the issue leads to resource ...
EUVD-2022-52864
Malicious code in bioql PyPI...
CVE-2022-31321
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input...
OPENSUSE-SU-2025:14913-1 python311-Django-5.1.7-1.1 on GA media
These are all security issues fixed in the python311-Django-5.1.7-1.1 package on the GA media of openSUSE Tumbleweed...
PYSEC-2025-13
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings...
PT-2025-1969 · WordPress · Adforest
Name of the Vulnerable Software and Affected Versions: AdForest theme for WordPress versions up to and including 5.1.7 Description: The issue concerns unauthorized modification of data due to a missing capability check on several AJAX actions, such as the sb remove ad action. This allows...
PT-2024-36220 · Unknown · Projectopia
Name of the Vulnerable Software and Affected Versions: Projectopia versions through 5.1.7 Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability. This vulnerability allows attackers to bypass authentication using an alternate path. There is ...
WordPress Projectopia plugin <= 5.1.7 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Projectopia versions <= 5.1.7...
Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL databas...
CVE-2024-31207 Vite's `server.fs.deny` did not deny requests for patterns with directories
Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience. `server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in versions 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.1...
CVE-2023-45859
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...