Astra Linux - vulnerability in node-minimatch
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
CVE-2026-40306 DNN has same HostGUID for all new installs
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...
CVE-2026-40305
DNN (DotNetNuke) is affected by CVE-2026-40305 in versions 6.0.0 through 10.2.1, where a crafted request in the friends feature could force the acceptance of a friend request on another user. The issue is fixed in version 10.2.2 (patch). Affects DotNetNuke Platform’s friend-acceptance flow and is...
UBUNTU-CVE-2026-26996
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
CVE-2026-26996
CVE-2026-26996 affects minimatch, a glob-to-RegExp utility. Versions 10.2.0 and earlier are vulnerable to a Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal not present in the test string. Each * creates a separate [^/]*?...
PT-2026-20994
Name of the Vulnerable Software and Affected Versions: minimatch versions 10.2.0 and below. Description: The software is susceptible to Regular Expression Denial of Service (ReDoS) when processing glob patterns containing numerous consecutive wildcards followed by a literal character absent from the...
OPENSUSE-SU-2026:10207-1 frr-10.2.1-4.1 on GA media
These are all security issues fixed in the frr-10.2.1-4.1 package on the GA media of openSUSE Tumbleweed...
CVE-2019-11345
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS...
EUVD-2025-19032
Malicious code in bioql PyPI...
CVE-2025-52570
Letmein is an authenticating port knocker. Prior to version 10.2.1, the connection limiter is implemented incorrectly. It allows an arbitrary number of simultaneous incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option...
CVE-2025-52570
CVE-2025-52570 affects the Letmein port-knock implementation. Before version 10.2.1, the connection limiter is implemented incorrectly, allowing an arbitrary number of simultaneous incoming connections (TCP, UDP, and Unix socket) for the services letmeind and letmeinfwd. The num-connections optio...
CVE-2025-52570 Letmein connection limiter allows an arbitrary amount of simultaneous connections
Letmein is an authenticating port knocker. Prior to version 10.2.1, the connection limiter is implemented incorrectly. It allows an arbitrary number of simultaneous incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option...
CVE-2010-5336
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to admin/login.html with the username parameter; the XSS is persistent in 10.2.0...
CVE-2010-5339
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the dlgcaptchauid parameter; the XSS is non-persistent in 10.1.3 and 10.2.0...
CVE-2025-31035
CVE-2025-31035 is an authenticated Stored Cross-Site Scripting (XSS) vulnerability in WP Editor.md – The Perfect WordPress Markdown Editor. The issue is caused by improper input neutralization during web page generation, enabling stored XSS. Affected software range includes WP Editor.md versions ...
IceWarp Server cross-site scripting vulnerability
IceWarp Server is a mail server from the Czech company IceWarp. A security vulnerability exists in IceWarp Server version 10.2.1, which stems from insufficient handling of meta parameters, resulting in exposure to cross-site scripting attacks...
CVE-2024-51498 [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance
cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. This issue has been present since commit 66bac03e, was mitigated in...
WordPress WP Booking Calendar plugin <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Booking Calendar versions <= 10.2.1...
WordPress Booking Calendar Plugin <= 10.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Booking Calendar. Type: Plugin. Vulnerable versions: <= 10.2.1. Fixed in: 10.2.2. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-6930. Patch priority: Low. CVSS severity: Low (6.5). PSID: be4e48bd573a. Credits: Arkadiusz Hydzik...