51 matches found

NVD
added 2026/02/24 1:16 a.m., 4 views

CVE-2026-27729

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...

CVSS 7.5, EPSS 0.00164
Exploits: 1, References: 4
CVE
added 2026/02/24 12:46 a.m., 9 views

CVE-2026-27729

Summary of CVE-2026-27729 : The Astro web framework versions 9.0.0–9.5.3 have a vulnerability where Astro server actions do not enforce a default request body size limit. The body is buffered entirely in memory (JSON or FormData) by the Node adapter in standalone mode, allowing an unauthenticated...

CVSS 7.5, AI score 5.7, EPSS 0.00164
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-18836

Malware in sbrugna...

CVSS 7.7, AI score 6.5, EPSS 0.00285
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2021-8636

Malicious code in bioql PyPI...

CVSS 5.8, AI score 5.9, EPSS 0.0023
Exploits: 0, References: 2
Vulnrichment
added 2025/09/26 8:31 a.m., 1 view

CVE-2025-60100 WordPress XStore theme < 9.6 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in 8theme XStore xstore allows Code Injection. This issue affects XStore: from n/a through 9.6...

CVSS 5.3, AI score 5.9, EPSS 0.00047
Exploits: 0, References: 1
Positive Technologies
added 2025/09/26 12:00 a.m., 2 views

PT-2025-39547

Name of the Vulnerable Software and Affected Versions 8theme XStore versions through 9.5.3 Description The software contains a flaw related to improper handling of script-related HTML tags on a web page, potentially leading to code injection. This issue is identified as a Basic Cross-Site Scripti...

CVSS 5.3, AI score 6, EPSS 0.00047
Exploits: 0, References: 3
Tenable Nessus
added 2025/09/03 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-27662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table...

CVSS 4.3, AI score 5.7, EPSS 0.00231
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/03 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-21255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI versi...

CVSS 5.8, AI score 6.5, EPSS 0.0023
Exploits: 0, References: 2
Tenable Nessus
added 2025/06/04 12:00 a.m., 2 views

Grafana 9.5.x < 9.5.3 Multiple Vulnerabilities

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 8.5.26, or earlier than 9.2.19, or earlier than 9.3.15, or earlier than 9.4.12, or 9.5.x earlier than 9.5.3. It is, therefore, affected by multiple vulnerabilities: - A Missing Authorization...

CVSS 7.5, AI score 7.4, EPSS 0.00903
Exploits: 1, References: 4
OSV
added 2024/05/26 2:15 p.m., 1 view

CVE-2024-36241

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command...

CVSS 4.3, AI score 7.2
Exploits: 0, References: 1
CVE
added 2024/05/26 1:33 p.m., 63 views

CVE-2024-29215

Mattermost Server vulnerability CVE-2024-29215: Improper access control in slash commands linked to playbook tasks allows a user to run a slash command in a channel they are not a member of. Affected versions: Mattermost 9.5.x up to 9.5.3; 9.7.x up to 9.7.1; 9.6.x up to 9.6.1; 8.1.x up to 8.1.12....

CVSS 4.3, AI score 4.7, EPSS 0.00188
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2024/05/26 1:31 p.m., 15 views

CVE-2024-31859 Member promoted to channel admin via playbooks run linking to channel

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a channel admin...

CVSS 4.3, AI score 6.8, EPSS 0.00109
Exploits: 0, References: 1
Cvelist
added 2024/04/26 8:25 a.m., 10 views

CVE-2024-4183

Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table...

CVSS 4.3, AI score 4.8, EPSS 0.00174
Exploits: 0, References: 1
CNNVD
added 2024/04/26 12:00 a.m., 1 view

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from the presence of an issue where a team administrator can demote a user to guest via an HTTP request. The vulnerability affects the following...

CVSS 2.7, AI score 6.7, EPSS 0.00138
Exploits: 0, References: 3
OSV
added 2024/03/06 10:53 a.m., 22 views

BIT-GRAFANA-2023-2801

Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public...

CVSS 7.5, AI score 6.1, EPSS 0.00867
Exploits: 0, References: 3
NVD
added 2023/07/25 2:15 p.m., 12 views

CVE-2023-36503

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions...

CVSS 6.5, AI score 6, EPSS 0.00103
Exploits: 0, References: 1
Positive Technologies
added 2023/07/25 12:00 a.m., 2 views

PT-2023-25598 · WordPress · Maxbuttons

Name of the Vulnerable Software and Affected Versions: MaxButtons plugin versions 9.5.3 and earlier Description: The issue is related to an Authenticated Cross-Site Scripting XSS vulnerability. This means that an attacker with contributor or higher privileges can inject malicious scripts into the...

CVSS 6.5, AI score 5.7, EPSS 0.00103
Exploits: 0, References: 4
OSV
added 2023/06/06 9:30 p.m., 19 views

GHSA-WM7R-3QXJ-5XGQ Duplicate Advisory: Grafana Improper Access Control vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cvm3-pp2j-chr3. This link is maintained to preserve external references. Original Description Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available...

CVSS 4.1, AI score 5.3, EPSS 0.00903
Exploits: 1, References: 5
Prion
added 2023/06/06 7:15 p.m., 23 views

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public...

CVSS 2.1, AI score 5.2, EPSS 0.00867
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2023/06/06 7:15 p.m., 1 view

UBUNTU-CVE-2023-2183

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

CVSS 6.4, AI score 7.3, EPSS 0.00903
Exploits: 1, References: 4