12 matches found
CVE-2026-53781
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...
CVE-2026-53781
The CVE affects the Summarize utility prior to version 0.17.0. Vulnerable path is the temp-file-based media download, where an unbounded response can be streamed via the download/response path, causing disk and resource exhaustion. Root cause: responses bypass the enforced size limit due to missi...
GHSA-7J2F-6H2R-6CQC Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs
Summary: Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP...
PT-2026-45047
Name of the Vulnerable Software and Affected Versions: Koel versions prior to 9.3.5. Description: Koel fails to validate individual episode enclosure URLs extracted from RSS XML feeds, despite validating the main podcast feed URL. These unvalidated URLs are stored in the database and subsequently...
EUVD-2025-19365
Malicious code in bioql PyPI...
CVE-2025-53300
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in douglaskarr Podcast Feed Player Widget and Shortcode (podcast-feed-player-widget) allows Stored XSS. This issue affects Podcast Feed Player Widget and Shortcode: from n/a through <= 2.2.0...
CVE-2025-53300 WordPress Podcast Feed Player Widget and Shortcode plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in douglaskarr Podcast Feed Player Widget and Shortcode (podcast-feed-player-widget) allows Stored XSS. This issue affects Podcast Feed Player Widget and Shortcode: from n/a through <= 2.2.0...
CVE-2025-53300 WordPress Podcast Feed Player Widget and Shortcode plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in douglaskarr Podcast Feed Player Widget and Shortcode allows Stored XSS. This issue affects Podcast Feed Player Widget and Shortcode: from n/a through 2.2.0...
CVE-2025-53300
CVE-2025-53300 affects the WordPress plugin Podcast Feed Player Widget and Shortcode (versions
WordPress plugin Podcast Feed Player Widget and Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Podcast RSS Feed vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Podcast RSS Feed vulnerability discovered by Webbernaut in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions <= 5.9.3...