26 matches found
CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
CVE-2023-53895
PimpMyLog 1.7.14 is affected by an improper access control vulnerability that lets remote attackers create admin accounts via the configuration endpoint (/configuration). The unsanitized username field can be exploited to inject JavaScript, enabling a hidden backdoor and potential access to serve...
EUVD-2025-37406
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-11920
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-11920 WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
Debian dla-4304 : libcjson-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4304 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4304-1 [email protected] https://www.debian.org/lts/security/...
CVE-2022-0539
Cross-site Scripting XSS - Stored in Packagist ptrofimov/beanstalkconsole prior to 1.7.14...
SUSE-SU-2025:20091-1 Security update for containerd
This update for containerd fixes the following issues: - Update to containerd v1.7.21. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.21 Fixes CVE-2023-47108. bsc1217070 Fixes CVE-2023-45142. bsc1228553 - Update to containerd v1.7.17. Upstream release notes:...
WordPress plugin The Drop Shadow Boxes code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...
WordPress Drop Shadow Boxes plugin <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Drop Shadow Boxes versions = 1.7.14...
PT-2024-16143 · WordPress · Drop Shadow Boxes
Name of the Vulnerable Software and Affected Versions: Drop Shadow Boxes plugin for WordPress versions up to, and including, 1.7.14 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not properly validate a value...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' allowing an attacker to insta...
CVE-2023-46824
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin = 1.7.14 versions...
CVE-2023-46824
Slick Popup: Contact Form 7 Popup Plugin for WordPress (plugin
WordPress Cooked Plugin <= 1.7.14 is vulnerable to Cross Site Scripting (XSS)
Software Cooked Type Plugin Vulnerable versions = 1.7.14 Fixed in 1.7.15.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-44477 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff0ba7b02ac2 Credits thiennv Required privilege Contributor...
PT-2022-25017 · Appsmith · Appsmith
Name of the Vulnerable Software and Affected Versions: Appsmith versions through 1.7.14 Description: The issue allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget. This can be used to perform Denial of Service DoS attacks or...
GHSA-8XMX-H8RQ-H94J HashiCorp Consul Cross-site Scripting vulnerability
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value KV raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14...
CVE-2020-25864
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value KV raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14...