Inefficient Algorithmic Complexity
Overview: minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containi...
Oracle Linux 9 : valkey (ELSA-2025-21916)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21916 advisory. 8.0.6-2 - rebase to 8.0.6 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 Tenable has extracted the preceding description block direct...
valkey security update
8.0.6-2 - rebase to 8.0.6 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819...
CVE-2025-49844 affecting package valkey for versions less than 8.0.6-1
CVE-2025-49844 affecting package valkey for versions less than 8.0.6-1. A patched version of the package is available...
Fedora 42 : valkey (2025-3055a5b407)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-3055a5b407 advisory. Valkey 8.0.6 - Released Fri 03 October 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possibl...
CVE-2025-46818 affecting package valkey for versions less than 8.0.6-1
CVE-2025-46818 affecting package valkey for versions less than 8.0.6-1. A patched version of the package is available...
CVE-2025-46819 affecting package valkey for versions less than 8.0.6-1
CVE-2025-46819 affecting package valkey for versions less than 8.0.6-1. A patched version of the package is available...
SUSE-SU-2025:03502-1 Security update for valkey
This update for valkey to version 8.0.6 fixes the following security issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 - CVE-2025-46818:...
EUVD-2025-19292
Malicious code in bioql PyPI...
EUVD-2024-29323
Malicious code in bioql PyPI...
EUVD-2024-29920
Malicious code in bioql PyPI...
EUVD-2023-35405
Malicious code in bioql PyPI...
BIT-MONGODB-2025-10059 MongoDB Server router will crash when incorrect lsid is set on a sharded query
An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument lsid is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 a...
Linux Distros Unpatched Vulnerability : CVE-2019-17565
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to...
CVE-2025-52717
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS lifterlms allows SQL Injection. This issue affects LifterLMS: from n/a through <= 8.0.6...
PT-2025-27116 · Lifterlms · Lifterlms
Name of the Vulnerable Software and Affected Versions: LifterLMS versions n/a through 8.0.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
CVE-2024-31434
Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The Newsletter Team Newsletter. This issue affects Newsletter: from n/a through 8.0.6...
CVE-2021-2140
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Rules Framework. Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2021-24342
The JNews WordPress theme before 8.0.6 did not sanitise the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory, leading to a Reflected Cross-Site Scripting (XSS) issue...
WordPress Advanced Page Visit Counter plugin <= 8.0.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Furkan ÖZER in WordPress Plugin Advanced Page Visit Counter versions <= 8.0.6...