CVE-2026-44693 Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

GHSA-848J-6MX2-7J84 Elliptic Uses a Cryptographic Primitive with a Risky Implementation

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

EUVD-2019-17148

Malware in sbrugna...

EUVD-2021-2533

Malware in sbrugna...

EUVD-2024-0593

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-24750

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetchurl and not consuming the incoming body or consuming it very...

CVE-2025-32244

CVE-2025-32244 describes a missing authorization vulnerability in the SEO Help WordPress plugin. The advisory notes misconfigured access control security levels, affecting SEO Help versions n/a through 6.7.9 (per initial description). Connected security sources corroborate the CVE’s association w...

WordPress plugin Click & Pledge Connect Plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVE-2025-28918

CVE-2025-28918 : Stored XSS in WordPress plugin Featured Image Thumbnail Grid up to version 6.6.1 . Root cause: improper neutralization of input during web page generation in the plugin, enabling stored cross-site scripting. Affected product/component: WordPress Plugin – Featured Image Thumbnail ...

CVE-2025-28918 WordPress Featured Image Thumbnail Grid plugin <= 6.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A. Jones Featured Image Thumbnail Grid thumbnail-grid allows Stored XSS.This issue affects Featured Image Thumbnail Grid: from n/a through = 6.8...

CVE-2024-13459

The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesknewcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin FuseDesk 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-16961 · WordPress · Wp-Speedup Block Editor Bootstrap Blocks

Name of the Vulnerable Software and Affected Versions: WP-speedup Block Editor Bootstrap Blocks versions through 6.6.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Reflected XSS. This lets an...

WordPress plugin Block Editor Bootstrap Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

LimeSurvey < 6.6.1 Header Injection Vulnerability

LimeSurvey is prone to a header injection vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:limesurvey:limesurvey";...

UBUNTU-CVE-2024-24750

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetchurl and not consuming the incoming body or consuming it very slowing will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade...

CVE-2024-24750 Backpressure request ignored in fetch() in Undici

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetchurl and not consuming the incoming body or consuming it very slowing will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade...

GHSA-3787-6PRV-H9W3 Undici proxy-authorization header not cleared on cross-origin redirect in fetch

Impact Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers. Patches This is patched in v5.28.3 and v6.6.1 Workarounds There are no known workarounds. References - https://fetch.spec.whatwg.org/authentication-entries -...

GHSA-9F24-JQHM-JFCW fetch(url) leads to a memory leak in undici

Impact Calling fetchurl and not consuming the incoming body or consuming it very slowing will lead to a memory leak. Patches Patched in v6.6.1 Workarounds Make sure to always consume the incoming body...

PT-2023-29737 · Qt Company · Qt

Name of the Vulnerable Software and Affected Versions: Qt versions prior to 6.2.11 Qt versions 6.3.x through 6.6.x before 6.6.1 Description: An issue was discovered in Qt when a QML image refers to an image whose content is not known yet, leading to an assumption that it is an SVG document. If th...