JDA (Java Discord API) downloads external URLs when updating message components

Impact Anyone using untrusted message components may be affected. On versions =6.0.0,6.1.3 of JDA, the requester will attempt to download external media URLs from components if they are used in an update or send request. If you are used MessagegetComponents or similar to get a list of components...

VulnCheck KEV: CVE-2024-44902

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

RHSA-2025:19809 Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update

Bulletin has no description...

GHSA-JFX9-29X2-RV3J pypdf can exhaust RAM via manipulated LZWDecode streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. Patches This has been fixed in pypdf==6.1.3. Workarounds If you cannot upgrade yet, consider applying the changes from P...

Infinite loop

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop in the parsing of content streams containing inline images with the DCTDecode filter when the end-of-file marker is...

EUVD-2020-10102

Malware in sbrugna...

EUVD-2018-10768

Malware in sbrugna...

EUVD-2018-11511

Malware in sbrugna...

EUVD-2020-10084

Malware in sbrugna...

EUVD-2018-15607

Malware in sbrugna...

EUVD-2018-11510

Malware in sbrugna...

EUVD-2023-37015

Malicious code in bioql PyPI...

CVE-2024-25090

Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted...

CVE-2022-3023

Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3...

CVE-2021-25894

Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting XSS vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter...

CVE-2020-18157

Cross Site Request Forgery CSRF vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php...

CVE-2020-18175

SQL Injection vulnerability in Metinfo 6.1.3 via a dosafetyemailadd action in basic.php...

@angular-devkit/build-angular (>=19.2.0 <=19.2.0-rc.0), @angular/build (>=19.2.0 <=19.2.0-rc.0) +40 more potentially affected by CVE-2025-31486 via vite (>=6.1.0 <=6.1.3)

vite NPM version =6.1.0, =19.2.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...

CVE-2025-31895

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in paulrosen ABC Notation abc-notation allows Stored XSS.This issue affects ABC Notation: from n/a through = 6.1.3...

CVE-2025-31895

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in paulrosen ABC Notation abc-notation allows Stored XSS.This issue affects ABC Notation: from n/a through = 6.1.3...