688 matches found
CVE-2023-26543
Cross-Site Request Forgery CSRF vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin = 3.1.4 versions...
CVE-2022-4486
The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2025-4727
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
GHSA-J3V9-6GC7-VF5F Meteor Affected By Inefficient Regular Expression Complexity
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
Meteor Affected By Inefficient Regular Expression Complexity
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
CVE-2025-4727
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
CVE-2025-4727
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
CVE-2025-4727
Summary: CVE-2025-4727 affects Meteor up to 3.2.1, involving the Object.assign handling in packages/ddp-server/livedata_server.js where forwardedFor manipulation enables inefficient regex complexity (ReDoS). The issue may be remotely exploitable and requires high attack complexity. Public exploit...
CVE-2025-4727 Meteor livedata_server.js Object.assign redos
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
CVE-2025-4727 Meteor livedata_server.js Object.assign redos
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...
Meteor 安全漏洞
Meteor is a JavaScript application platform open-sourced by Meteor. A security vulnerability exists in Meteor 3.2.1 and earlier versions, which stems from an insufficient regular expression complexity due to an incorrect operation of the function Object.assign on the parameter forwardedFor in the...
PT-2025-21583 · Meteor · Meteor
Name of the Vulnerable Software and Affected Versions: Meteor versions up to 3.2.1 Description: A vulnerability was found in the function Object.assign of the file packages/ddp-server/livedata server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression...
MAL-2025-3636 Malicious code in meteor-roles (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35e1fc58c157a731ac3f86cb748d151de5034b62c77de3149f0b97573789b402 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in meteor-roles (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35e1fc58c157a731ac3f86cb748d151de5034b62c77de3149f0b97573789b402 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-53561
A remote code execution RCE vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request...
CVE-2024-53563
A stored cross-site scripting XSS vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
CVE-2024-53561
A remote code execution RCE vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request...
Arcadyan Meteor 2 CPE 安全漏洞
Arcadyan Meteor 2 CPE is a high-end home integrated access device from China Smart Arcadyan. A security vulnerability exists in the Arcadyan Meteor 2 CPE. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload...
Arcadyan Meteor 2 CPE 安全漏洞
Arcadyan Meteor 2 CPE is a high-end home integrated access device from China Smart Arcadyan. A security vulnerability exists in the Arcadyan Meteor 2 CPE FG360 Firmware ETV version 2.10. An attacker can exploit the vulnerability to execute arbitrary code via a specially crafted request...
CVE-2024-53561
CVE-2024-53561 affects Arcadyan Meteor 2 CPE FG360 firmware ETV2.10. The vulnerability is described as a remote code execution (RCE) via a crafted request. Connected documents confirm the same vulnerability caption but do not provide concrete technical details such as affected component versions ...