OESA-2026-1607 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: A vulnerability classified as problematic has been found in Apache ActiveMQ Application Server Software.CWE is classifying the issue as CWE-190. The product performs a calculation that can produce...

EUVD-2025-10045

Malicious code in bioql PyPI...

CVE-2023-44227

Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9...

CVE-2023-39924

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mitchell Bennis Simple File List plugin = 6.1.9 versions...

CVE-2025-39589 WordPress Essential Addons for Elementor <= 6.1.9 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9...

CVE-2025-39590

CVE-2025-39590 corresponds to a Stored XSS in WPDeveloper Essential Addons for Elementor (affected: versions n/a–6.1.9). The vulnerability stems from improper input neutralization during Web Page Generation, enabling stored cross-site scripting. CVSS v3.1 metrics indicate a Network attack vector,...

CVE-2025-39590 WordPress Essential Addons for Elementor plugin <= 6.1.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through = 6.1.9...

WordPress plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Essential Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2025-30373

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...

CVE-2025-30373

CVE-2025-30373 affects Graylog (Graylog2-server) starting with version 6.1, where HTTP Inputs can be configured to require a header/value for authentication. The flaw: when the required header is missing or has an incorrect value, the system returns HTTP 401 but ingests the message anyway, effect...

CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...

WordPress plugin Broadcast Live Video 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-37155 OpenCTI May Bypass Introspection Restriction

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed...

OpenCTI 访问控制错误漏洞

OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. An access control error vulnerability exists in OpenCTI versions prior to 6.1.9, which stems from the ability to bypass regular expression validation used to block Introspection queries by removing redundant...

This Week in Spring - June 18th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I...

CVE-2023-44227

Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9...

WordPress Plugin Simple File List 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-13180 · Mitchell Bennis · Simple File List

Name of the Vulnerable Software and Affected Versions: Simple File List versions 6.1.9 and earlier Description: The issue is related to a Missing Authorization vulnerability in Mitchell Bennis Simple File List. Recommendations: For versions 6.1.9 and earlier, update to a version that includes a f...

PT-2023-27158 · Unknown · Mitchell Bennis Simple File List

Name of the Vulnerable Software and Affected Versions: Mitchell Bennis Simple File List plugin versions = 6.1.9 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For Mitchell Bennis Simple Fil...