Symlink Attack
Overview: compressing is "Everything you need for compressing and uncompressing". Affected versions of this package are vulnerable to Symlink Attack via the isPathWithinParent function. An attacker can overwrite arbitrary files outside the intended extraction directory by supplying a malicious...
EUVD-2026-19295
Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution...
CVE-2026-34148 Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or...
CVE-2021-24275
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...
NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support
...
WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Robert DeVore in WordPress Plugin Lightbox slider – Responsive Lightbox Gallery versions <= 1.10.6...
GHSA-264P-99WQ-F4J6 Ion Java StackOverflow vulnerability
Impact: A potential denial-of-service issue exists in ion-java for applications that use ion-java to: deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation. An actor could...
CVE-2015-10098
A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be...
WordPress Plugin Broken Link Checker Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-10277 · WordPress · Broken Link Checker Plugin
Name of the Vulnerable Software and Affected Versions: Broken Link Checker Plugin versions up to 1.10.5 Description: A vulnerability was found in the Broken Link Checker Plugin on WordPress, affecting the function print module list/show warnings section notice/status text/ui get action links. Thi...
CVE-2021-36852
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress...
PT-2022-10578 · Thimpress · Thimpress Wp Hotel Booking
Name of the Vulnerable Software and Affected Versions: ThimPress WP Hotel Booking plugin versions <= 1.10.5 Description: A Cross-Site Request Forgery (CSRF) issue exists, which is a type of attack that tricks a user into performing unintended actions on a web application. This occurs because the...
WordPress plugin ThimPress WP Hotel Booking Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site request forgery...
libxslt Type Confusion vulnerability that affects Nokogiri
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...
GHSA-CF46-6XXH-PC75 libxslt Type Confusion vulnerability that affects Nokogiri
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...
OPENSUSE-SU-2021:1400-1 Security update for flatpak
This update for flatpak fixes the following issues: - Update to version 1.10.5: - CVE-2021-41133: Fixed a bug that could lead to sandbox bypass via recent VFS-manipulating syscalls. bsc1191507 This update was imported from the SUSE:SLE-15-SP2:Update update project...
OPENSUSE-SU-2021:3472-1 Security update for flatpak
This update for flatpak fixes the following issues: - Update to version 1.10.5: - CVE-2021-41133: Fixed a bug that could lead to sandbox bypass via recent VFS-manipulating syscalls. bsc1191507...
SUSE-SU-2021:3472-1 Security update for flatpak
This update for flatpak fixes the following issues: - Update to version 1.10.5: - CVE-2021-41133: Fixed a bug that could lead to sandbox bypass via recent VFS-manipulating syscalls. bsc1191507...
[SECURITY] [DSA 4984-1] flatpak security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4984-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 12, 2021 https://www.debian.org/security/faq -...
PYSEC-2020-162
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...