72 matches found
EUVD-2026-5157
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...
CVE-2026-25223 Fastify's Content-Type header tab character allows body validation bypass
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...
net-snmp security update
1:5.7.2-49.0.3 - Fix out of bound access Orabug: 38873509 CVE-2025-68615...
Interpretation Conflict
Overview fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict via the Content-Type header processing. An attacker can bypass body validation by appending a tab character \t and arbitrary content to the Content-Type header,...
CVE-2026-24381 WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery. This issue affects PhotoMe: from n/a through 5.7.2...
CVE-2026-24381
Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery. This issue affects PhotoMe: from n/a through 5.7.2...
CVE-2025-11369 Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the getinstagramaccesstokencallback, googlemapapikeysavecallback and getsiteinfo functions in all...
EUVD-2020-30805
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the background color settings in Dashboards. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2020-36865
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the BPI Business Process Intelligence component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
CVE-2020-36863
Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the web server permitted execution within the upload directory. An...
PT-2025-44548
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.2 Description Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting XSS through the Business Process Intelligence BPI component’s Config Management and Edit Config page. Insufficient validati...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.2, which stems from insufficient...
WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Essential Blocks for Gutenberg versions <= 5.7.1...
EUVD-2024-23211
Malicious code in bioql PyPI...
EUVD-2022-1314
Malicious code in bioql PyPI...
EUVD-2024-35721
Malicious code in bioql PyPI...
EUVD-2024-23209
Malicious code in bioql PyPI...
EUVD-2023-45803
Malicious code in bioql PyPI...
EUVD-2024-23210
Malicious code in bioql PyPI...
CVE-2024-30513
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.2...