9 matches found
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
Nagios XI security vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to 5.8.0 that stems from insufficient validatio...
PT-2025-44550
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.0. Description: The software is susceptible to stored cross-site scripting (XSS) through the My Tools page. Insufficient validation or escaping of user-supplied input could allow an attacker to inject and execute...
PT-2025-44552
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.0. Description: Nagios XI versions prior to 5.8.0 are susceptible to cross-site scripting (XSS) through the Views feature's URL handling. Insufficient validation or escaping of user-supplied input could allow an...
Scontain SCONE security vulnerability
Scontain SCONE is a secure container environment from Scontain. A security vulnerability exists in Scontain SCONE version 5.8.0, which stems from the presence of an interface vulnerability that can lead to state corruption via injection signals...
ChurchCRM Security Breach
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v5.8.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the Family Name parameter under the Register a New...
WordPress plugin WP Travel Engine security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerability
Price Manipulation vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin WP Travel Engine versions <= 5.8.0...
DEBIAN-CVE-2022-31150
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...