53 matches found
Astra Linux - vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available, by manipulating the processed input stream with a Java runtime version 14 to 8. ...
CVE-2025-66457
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
CVE-2025-66457
CVE-2025-66457 affects Elysia (TypeScript framework). Vulnerability: when dynamic cookies are enabled and a cookie schema exists, the cookie config can be injected into compiled routes without sanitisation, enabling Arbitrary Code Injection. Root cause: unsanitized dynamic cookie configuration in...
CVE-2025-66457 Elysia affected by arbitrary code injection through cookie config
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled, e.g. there is an existing cookie schema, the cookie...
PT-2025-50228
Name of the Vulnerable Software and Affected Versions: Elysia versions 1.4.17 and below. Description: Elysia is a TypeScript framework used for request validation, type inference, OpenAPI documentation, and client-server communication. Versions 1.4.17 and below are susceptible to arbitrary code...
EUVD-2021-1515
Malware in sbrugna...
EUVD-2008-3467
Malware in sbrugna...
EUVD-2022-6875
Malicious code in bioql PyPI...
WordPress plugin ShMapper by Teplitsa cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Index WP MySQL For Speed plugin < 1.4.18 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Guido Iván García Duva in WordPress Plugin Index WP MySQL For Speed versions 1.4.18...
WordPress Index WP MySQL For Speed Plugin < 1.4.18 is vulnerable to Cross Site Scripting (XSS)
Software: Index WP MySQL For Speed; Type: Plugin; Vulnerable versions: 1.4.18; Fixed in: 1.4.18; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4977; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: de00e035d3ae; Credits: Guido Ivá...
PT-2024-24825 · WordPress · Eroom – Zoom Meetings & Webinar
Name of the Vulnerable Software and Affected Versions: The eRoom – Zoom Meetings & Webinars plugin for WordPress versions up to, and including, 1.4.18 Description: The issue allows authenticated attackers with subscriber access or higher to obtain post excerpts, including those of draft and pendi...
WordPress eRoom – Zoom Meetings & Webinar plugin <= 1.4.18 - Missing Authorization to Information Exposure vulnerability
Missing Authorization to Information Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin eRoom versions <= 1.4.18...
SUSE CVE-2009-1580
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie...
SUSE CVE-2021-39140
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...
SUSE CVE-2021-39141
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...
SUSE CVE-2021-39146
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...
SUSE CVE-2021-39149
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...
SUSE CVE-2021-39148
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...