22 matches found
EEF-CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix
Summary: Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type:...
CVE-2024-51684
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO wp-perfect-plugin allows Stored XSS. This issue affects W3P SEO: from n/a through 1.8.6...
WordPress plugin W3P SEO Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
PT-2023-30383 · WordPress · Wp All Export Pro +1
Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0; WP All Export Pro WordPress plugin versions prior to 1.8.6. Description: The issue concerns the lack of validation and sanitization of the wp query parameter, allowi...
WordPress Plugin WP All Export Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
HestiaCP Cross-Site Scripting Vulnerability
HestiaCP is a lightweight and powerful control panel for the modern web. A cross-site scripting vulnerability exists in HestiaCP versions prior to 1.8.6 that stems from the presence of a stored cross-site scripting (XSS) vulnerability...
PT-2023-3418 · Libx11 +9 · Libx11 +9
Name of the Vulnerable Software and Affected Versions: libX11 versions prior to 1.8.6. Description: A security flaw was found in libX11 due to functions in src/InitExt.c not checking if the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those function...
Harvest Chosen Cross-Site Scripting Vulnerability
Chosen is a Harvest open source library for making select boxes more user-friendly. A cross-site scripting vulnerability exists in versions of Chosen prior to 1.8.6 that stems from incorrect manipulation of the parameter grouplabel, resulting in cross-site scripting...
Rock RMS Access Control Error Vulnerability
Rock RMS is a church management system. An access control error vulnerability exists in Rock RMS versions prior to 1.8.6. No detailed vulnerability details are currently available...
VMware Harbor Container Registry for Pivotal Platform Elevation of Privilege Vulnerability
VMware Harbor Container Registry for Pivotal Platform is a product of VMware. An elevation of privilege vulnerability exists in VMware Harbor Container Registry for Pivotal Platform version 1.9 prior to 1.9.3 and version 1.8 prior to 1.8.6. The vulnerability can be exploited to reset passwords an...
CVE-2016-10918
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF...
DEBIAN-CVE-2016-8640
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL at least it is possible to perform updates/inserts/deletes and database...
MyBB has multiple vulnerabilities (CNVD-2016-11610)
MyBB (aka MyBulletinBoard) is a free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.6, including SQL injectio...
MyBB has multiple vulnerabilities (CNVD-2016-11608)
MyBB (aka MyBulletinBoard) is a free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.6, including: SQL injecti...
DEBIAN-CVE-2014-3532
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before...
Wireshark Multiple Dissector Multiple Vulnerabilities - March 13 (Windows)
This host is installed with Wireshark and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbwiresharkmultvulnmar13win.nasl 6079 2017-05-08 09:03:33Z teissa $ Wireshark Multiple Dissector Multiple Vulnerabilities - March 13 Windows Authors: Arun Kallavi Copyright: Copyright c...
DEBIAN-CVE-2013-2484
The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet...
DEBIAN-CVE-2013-2477
The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet...
DEBIAN-CVE-2013-2480
The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet...
DEBIAN-CVE-2013-2475
The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet...