35 matches found
EUVD-2026-5157
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...
CVE-2026-25223 Fastify's Content-Type header tab character allows body validation bypass
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...
net-snmp security update
1:5.7.2-49.0.3 - Fix out of bound access Orabug: 38873509CVE-2025-68615...
CVE-2026-24381 WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...
PT-2025-44548
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.2 Description Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting XSS through the Business Process Intelligence BPI component’s Config Management and Edit Config page. Insufficient validati...
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.2, which stems from insufficient...
WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Essential Blocks for Gutenberg versions = 5.7.1...
EUVD-2022-1314
Malicious code in bioql PyPI...
EUVD-2024-35721
Malicious code in bioql PyPI...
EUVD-2024-23211
Malicious code in bioql PyPI...
EUVD-2024-23209
Malicious code in bioql PyPI...
EUVD-2023-45803
Malicious code in bioql PyPI...
EUVD-2024-23210
Malicious code in bioql PyPI...
CVE-2024-4360
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.6 due to insufficient input sanitization and output escapi...
CVE-2024-37309
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint port 4200 permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameter...
CVE-2024-25907
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2...
CVE-2023-41288
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 2023/11/23 and later...
CVE-2020-15902
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option...
WordPress Element Pack Elementor Addons plugin <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read vulnerability
Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Webbernaut in WordPress Plugin Element Pack Elementor Addons versions = 5.7.2...
CVE-2024-37309
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint port 4200 permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameter...