8 matches found
CVE-2026-32240
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...
CVE-2026-25062
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments.key from the imported JSON is passed directly to path.joinrootPath, node.key and then read using fs.readFile without validation. By embedding path traversal...
WordPress List Child Pages Shortcode Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin List Child Pages Shortcode versions = 1.3.1...
WordPress Pixeline's Email Protector Plugin <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Pixelines Email Protector versions = 1.3.8...
WordPress Event Feed for Eventbrite Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Event Feed for Eventbrite versions = 1.3.2...
CVE-2025-54878 Heap Buffer Overflow in NASA CryptoLib 1.4.0 `Crypto_TC_Check_IV_Setup`
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version...
CVE-2022-27495
On all versions 1.3.x fixed in 1.4.0 NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2018-11366
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting XSS because logging is mishandled. This is fixed in 1.4.0...