71 matches found
CVE-2026-27729
Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...
CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection
Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. 404.astro or 500.astro) are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...
PT-2026-21611
Name of the Vulnerable Software and Affected Versions: Astro versions 9.0.0 through 9.5.3. Description: Astro server actions lack a default request body size limit, potentially leading to a denial of service (DoS) due to memory exhaustion. A large POST request to a valid action endpoint can crash the...
MiracleLinux 7 : rh-postgresql95-postgresql-9.5.4-1.el7 (AXSA:2016-654:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-654:01 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll nee...
MiracleLinux 4 : rh-postgresql95-postgresql-9.5.4-1.AXS4 (AXSA:2016-656:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-656:01 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll nee...
CVE-2025-11746 XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion
The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via the et_ajax_required_plugins_popup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...
EUVD-2020-1439
Malware in sbrugna...
EUVD-2021-8639
Malicious code in bioql PyPI...
EUVD-2021-8671
Malicious code in bioql PyPI...
EUVD-2021-8636
Malicious code in bioql PyPI...
EUVD-2021-8672
Malicious code in bioql PyPI...
EUVD-2021-8664
Malicious code in bioql PyPI...
EUVD-2021-8665
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-21327
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI befor...
Linux Distros Unpatched Vulnerability : CVE-2021-21326
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI befor...
Linux Distros Unpatched Vulnerability : CVE-2021-21255
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI versi...
Linux Distros Unpatched Vulnerability : CVE-2021-3486
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPi 9.5.4 does not sanitize the metadata. This way it's possible to insert XSS into plugins to execute JavaScript code. (CVE-2021-3486) Note that Nessus relies on...
Linux Distros Unpatched Vulnerability : CVE-2021-21314
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before...
OPENSUSE-SU-2024:10273-1 libecpg6-32bit-9.5.4-1.2 on GA media
These are all security issues fixed in the libecpg6-32bit-9.5.4-1.2 package on the GA media of openSUSE Tumbleweed...
GLPi Cross-Site Scripting Vulnerability (CNVD-2021-40317)
GLPI is a free asset and IT management software package that provides ITIL service desk functionality, license tracking and software auditing. A cross-site scripting vulnerability exists in GLPi version 9.5.4. The vulnerability stems from GLPi unvalidated metadata. An attacker can exploit the...