GHSA-H27X-RFFW-24P4 Addressable has a Regular Expression Denial of Service in Addressable templates
Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...
CVE-2026-35611
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...
PT-2025-43845
Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyForms: from n/a through = 2.9.0...
WordPress plugin Yoga Schedule Momoyoga Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
i-Educar Security Vulnerability
i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.9.0 and earlier, which stems from improper handling of parameter IDs in the file /module/Api/pessoa, which could lead to improper authorization...
Portábilis i-Educar Security Vulnerability
Portábilis i-Educar is an application from Portábilis that supports basic and technical education. A security vulnerability exists in Portábilis i-Educar version 2.9.0 and earlier, which stems from an authorization bypass issue in the file /module/Api/Diario...
WordPress plugin PowerPack Elementor Addons Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2023-37869
Missing Authorization vulnerability in Premium Addons Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through 2.9.0...
PT-2024-15633 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 8.2.1 mlflow/mlflow versions prior to 2.9.0 Description: A vulnerability in mlflow/mlflow allows for remote code execution due to improper neutralization of special elements used in an OS command within the...
UBUNTU-CVE-2022-39347
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...