PT-2023-10295 · WordPress · Gravity Forms Dps Pxpay Plugin
Name of the Vulnerable Software and Affected Versions: Gravity Forms DPS PxPay Plugin versions up to 1.4.2
Description: A problematic issue was found in the Gravity Forms DPS PxPay Plugin, affecting an unknown function. This issue leads to cross-site scripting and can be launched remotely...
Insecure Default
Overview: Affected versions of this package are vulnerable to Insecure Default. In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions matching the input would only be set at completion time. Output files could therefore ...
PT-2020-16951 · Maxmind +8 · Libmaxminddb +8
Name of the Vulnerable Software and Affected Versions: libmaxminddb versions prior to 1.4.3
Description: The issue is a heap-based buffer over-read in the dump entry data list function in maxminddb.c. This occurs in libmaxminddb before version 1.4.3.
Recommendations: For versions prior to 1.4.3,...
GHSA-73M2-3PWG-5FGC Catastrophic backtracking in regex allows Denial of Service in Waitress
Impact: When waitress receives a header that contains invalid characters, it will cause the regular expression engine to catastrophically backtrack, causing the process to use 100% CPU time and blocking any other interactions. This would allow an attacker to send a single request with an invalid...
PT-2018-16192 · Npm +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.4.3
Description: The issue is related to incorrect parsing in url-parse, which returns the wrong hostname. This can lead to multiple vulnerabilities, including Server-Side Request Forgery (SSRF), Open Redirect, and...