38 matches found
SUSE CVE-2026-33244
React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...
CVE-2026-33537
Lychee (open-source photo management) is affected by an SSRF issue in Photo::fromUrl due to incomplete IP validation that does not block loopback and link-local addresses. Before version 7.5.1, an authenticated user could reach internal services via direct IPs, bypassing all four protection confi...
CVE-2025-64118
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
EUVD-2025-37038
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
EUVD-2017-2599
Malware in sbrugna...
CVE-2025-23049
CVE-2025-23049 affects Meridian Technique Materialise OrthoView versions up to 7.5.1. The vulnerability is an OS command injection that arises when servlet sharing is enabled, due to improper handling of user-supplied input in the servlet sharing component. Practical impact is described as potent...
Materialise OrthoView OS Command Injection Vulnerability
Materialise OrthoView is an orthopedic planning solution from Materialise UK. An operating system command injection vulnerability exists in Materialise OrthoView 7.5.1 and earlier versions; it arises when servlet sharing is enabled and allows OS command injection attacks...
CVE-2024-54311
Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mark New Posts: from n/a through = 7.5.1...
WordPress Admin and Site Enhancements (ASE) plugin <= 7.5.1 - Authenticated Stored Cross-Site Scripting via SVG vulnerability
Authenticated Stored Cross-Site Scripting via SVG vulnerability discovered by Francesco Carlucci in WordPress Plugin Admin and Site Enhancements ASE versions <= 7.5.1...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to the improper validation of the mail parameter in the createAction process. An unauthenticated attacker can display user-submitted data of all forms persisted by the extension. Note This vulnerability can onl...
CVE-2024-6225
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 and 7.5.1 for the Pro version due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2024-26289
The CVE-2024-26289 issue is a Deserialization of Untrusted Data vulnerability in PMB Services PMB that enables Remote Code Inclusion. Concrete details from connected documents: affected PMB versions are 7.3.1–7.3.18, 7.4.1–7.4.9, and 7.5.1–7.5.6-2. Root cause is deserialization of untrusted data....
PT-2024-26569 · Tidb · Tidb
Name of the Vulnerable Software and Affected Versions: TiDB version 7.5.1 Description: A NULL pointer dereference issue was discovered in the SortedRowContainer component of TiDB. Recommendations: For version 7.5.1, at the moment, there is no information about a newer version that contains a fix...
PT-2024-25496 · Pingcap · Tidb
Name of the Vulnerable Software and Affected Versions: PingCAP TiDB version 7.5.1 Description: A buffer overflow issue was discovered, which could lead to database crashes and denial of service attacks. Recommendations: For PingCAP TiDB version 7.5.1, at the moment, there is no information about ...
PingCAP TiDB Security Vulnerability
PingCAP TiDB is an open source, cloud-native, distributed, MySQL-compatible database for elastic scaling and real-time analytics from China-based PingCAP. A security vulnerability exists in PingCAP TiDB version v7.5.1, which originates from the inclusion of a null pointer dereference via the...
WordPress LifterLMS Plugin <= 7.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software LifterLMS Type Plugin Vulnerable versions <= 7.5.0 Fixed in 7.5.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31363 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07170935e600 Credits Dhabaleshwar Das Required...
Design/Logic Flaw
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processreview' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish...
WordPress LifterLMS Plugin <= 7.5.1 is vulnerable to Broken Access Control
Software LifterLMS Type Plugin Vulnerable versions <= 7.5.1 Fixed in 7.5.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0377 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 017a17d1f987 Credits Francesco Carlucci Required privileg...
Fedora 37 : frr (2023-ce436d56f8)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ce436d56f8 advisory. New version 8.5.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
CVE-2023-0950
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...