CVE-2021-27371

The Contact page in Monica 2.19.1 allows stored XSS via the Description field...

CVE-2026-24127

CVE-2026-24127 pertains to Typemill, a flat-file CMS. A reflected XSS vulnerability exists in the login error view template login.twig affecting versions 2.19.1 and earlier, where the username value is echoed back without proper contextual encoding during failed authentication. This could allow a...

PT-2026-4535

Name of the Vulnerable Software and Affected Versions Typemill versions 2.19.1 and below Description Typemill is a flat-file, Markdown-based CMS for informational documentation websites. A reflected Cross-Site Scripting XSS issue exists in the login error view template login.twig. The username...

EUVD-2025-202299

Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1...

CVE-2025-5471

CVE-2025-5471 affects Yandex Telemost on macOS, before version 2.19.1. The root cause is an uncontrolled Search Path Element, enabling search-order hijacking (dylib hijacking). Impact per sources is high on confidentiality, integrity, and availability when a malicious library is loaded via a mani...

PT-2025-50090

Name of the Vulnerable Software and Affected Versions Yandex Telemost versions prior to 2.19.1 Description An uncontrolled search path element issue exists in Yandex Telemost on MacOS, enabling search order hijacking. This allows an attacker to potentially manipulate the system's search path to...

EUVD-2020-23323

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2022-23516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0, 2.19.1 uses recursion...

artemis-commons: Apache ActiveMQ Artemis DoS

In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability DoS through uncontrolled resource consumption of memory...

CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...

CVE-2025-25205

CVE-2025-25205 affects Audiobookshelf (self-hosted server) versions 2.17.0 through 2.19.0. A flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored URL-regex patterns (e.g., r=/api/items/1/cover), enabling partial bypass of authentication and, on some ...

CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...

PT-2024-25422 · Unknown · Angular-Translate

Name of the Vulnerable Software and Affected Versions: angular-translate versions through 2.19.1 Description: The issue allows for XSS attacks via a crafted key used by the translate directive. The vendor notes that there is no documentation indicating a key is supposed to be safe against XSS...

SUSE CVE-2022-23514

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

SUSE CVE-2022-23516

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0, 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...

SUSE CVE-2022-23515

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0, 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...

PT-2023-14734 · WordPress · Seriously Simple Podcasting

Name of the Vulnerable Software and Affected Versions: Seriously Simple Podcasting WordPress plugin versions prior to 2.19.1 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such ...

CVE-2022-23514

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

UBUNTU-CVE-2022-23514

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

CVE-2022-23514 Inefficient Regular Expression Complexity in Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...