27 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 4 views

Astra Linux - vulnerability in erlang-jose

In versions 1.11.6 and earlier of erlang-jose, also known as JOSE for Erlang and Elixir, attackers can exploit this vulnerability to cause a denial of service attack, resulting in high CPU usage. This vulnerability is exploited by setting a large value of p2c, also known as PBES2 Count, in the JOSE...

CVSS 5.3 · AI score 6.6 · EPSS 0.0004
Exploits 0 · References 2

ATTACKERKB
added 2026/01/27 6:35 p.m. · 4 views

CVE-2026-23892

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

CVSS 6 · AI score 5.9 · EPSS 0.00015
Exploits 0 · References 4 · Affected Software 1

CVE
added 2026/01/27 6:35 p.m. · 8 views

CVE-2026-23892

OctoPrint (web interface for controlling consumer 3D printers) is affected in versions up to and including 1.11.5 by a timing side‑channel vulnerability in API key authentication. The root cause is a character‑by‑character comparison that short‑circuits on the first mismatched character, rather t...

CVSS 6 · AI score 5.9 · EPSS 0.00015
Exploits 0 · References 3 · Affected Software 1

EUVD
added 2026/01/27 6:35 p.m. · 4 views

EUVD-2026-4775

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

CVSS 6 · AI score 5.9 · EPSS 0.00015
Exploits 0 · References 3

Github Security Blog
added 2026/01/27 6:33 p.m. · 9 views

OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

Impact: OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a...

CVSS 6 · AI score 5.8 · EPSS 0.00015
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2026/01/27 12:0 a.m. · 2 views

PT-2026-5007

Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.11.5 Description: OctoPrint, a web interface for controlling 3D printers, is affected by a timing attack that could allow an attacker with network access to extract API keys. The issue stems from the use...

CVSS 6 · AI score 5.2 · EPSS 0.00015
Exploits 0 · References 12

RedhatCVE
added 2026/01/09 10:6 a.m. · 5 views

CVE-2019-20804

Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account...

CVSS 8.8 · AI score 5.9 · EPSS 0.00219
Exploits 3 · References 1

NVD
added 2025/11/04 7:17 p.m. · 2 views

CVE-2025-10875

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection. This issue affects Mulesoft Anypoint Code Builder: before 1.11.6...

CVSS 6.5 · EPSS 0.00047
Exploits 0 · References 1

CVE
added 2025/11/04 6:19 p.m. · 6 views

CVE-2025-64318

The issue CVE-2025-64318 affects Salesforce Mulesoft Anypoint Code Builder (before 1.12.1). The vulnerability is described as improper neutralization of input used for LLM prompting, enabling manipulation of writable configuration files. The available data indicate an impact on integrity (partial...

CVSS 5.3 · AI score 6.6 · EPSS 0.00037
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/11/04 6:14 p.m. · 1 views

CVE-2025-10875

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection. This issue affects Mulesoft Anypoint Code Builder: before 1.11.6...

AI score 6.6 · EPSS 0.00047
Exploits 0 · References 1

Positive Technologies
added 2025/11/04 12:0 a.m. · 2 views

PT-2025-45025

Name of the Vulnerable Software and Affected Versions: Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6 Description: An issue exists in Salesforce Mulesoft Anypoint Code Builder related to improper neutralization of input used for LLM prompting, which can lead to code injection. T...

CVSS 6.5 · AI score 7.1 · EPSS 0.00047
Exploits 0 · References 4

CNNVD
added 2025/11/04 12:0 a.m. · 1 views

Salesforce Mulesoft Anypoint Code Builder security vulnerability

Salesforce Mulesoft Anypoint Code Builder is an integrated development environment from Salesforce USA. A security vulnerability exists in Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6, which stems from improper input neutralization and could lead to code injection...

CVSS 6.5 · AI score 7 · EPSS 0.00047
Exploits 0 · References 1

Positive Technologies
added 2025/11/04 12:0 a.m. · 3 views

PT-2025-45031

Name of the Vulnerable Software and Affected Versions: Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6 Description: An issue exists in Salesforce Mulesoft Anypoint Code Builder related to improper neutralization of input used for LLM prompting, which allows manipulation of writab...

CVSS 5.3 · AI score 6.7 · EPSS 0.00037
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-11340

Malware in sbrugna...

CVSS 6.1 · AI score 6.2 · EPSS 0.00419
Exploits 3 · References 5

RedhatCVE
added 2025/05/23 8:20 a.m. · 2 views

CVE-2024-10048

The Post Status Notifier Lite and Premium plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 6.1 · AI score 5.6 · EPSS 0.01998
Exploits 0 · References 1

CNNVD
added 2025/05/15 12:0 a.m. · 2 views

WordPress plugin Z-Downloads security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.1 · AI score 6 · EPSS 0.00225
Exploits 1 · References 1

OSV
added 2024/11/01 3:15 p.m. · 0 views

CVE-2024-43159

Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Masteriyo - LMS: from n/a through 1.11.6...

CVSS 5.3 · AI score 5.8 · EPSS 0.00324
Exploits 0 · References 1

Positive Technologies
added 2024/11/01 12:0 a.m. · 3 views

PT-2024-30350 · Unknown · Masteriyo - Lms

Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions 1.11.6 and earlier Description: The issue affects Masteriyo - LMS, allowing access to functionality not properly constrained by ACLs due to a Missing Authorization vulnerability. Recommendations: For Masteriyo - LMS...

CVSS 5.3 · AI score 6.6 · EPSS 0.00324
Exploits 0 · References 4

Patchstack
added 2024/10/29 5:10 a.m. · 3 views

WordPress Post Status Notifier Premium plugin <= 1.11.6 - Reflected Cross-Site Scripting via page vulnerability

Reflected Cross-Site Scripting via page vulnerability discovered by Colin Xu in WordPress Plugin Post Status Notifier Premium versions <= 1.11.6...

CVSS 6.1 · AI score 6.4 · EPSS 0.01998
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/10/29 5:9 a.m. · 2 views

WordPress Post Status Notifier Lite plugin <= 1.11.6 - Reflected Cross-Site Scripting via page vulnerability

Reflected Cross-Site Scripting via page vulnerability discovered by Colin Xu in WordPress Plugin Post Status Notifier Lite versions <= 1.11.6...

CVSS 6.1 · AI score 6.4 · EPSS 0.01998
Exploits 0 · References 1 · Affected Software 1