21 matches found
Astra Linux - vulnerability in ruby-loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah versions >= 2.2.0 and before 2.19.1 use recursion to sanitize CDATA sections. This can lead to stack exhaustion and raise a SystemStackError exception, potentially causing ...
CVE-2025-69297
Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aardvark Plugin: from n/a through <= 2.19...
WordPress Spectra plugin <= 2.19.17 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Spectra versions <= 2.19.17...
CVE-2025-66398
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...
EUVD-2025-206139
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding...
CVE-2025-69203 Signal K Server Vulnerable to Access Request Spoofing
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against...
CVE-2025-68272
Summary: Signal K Server up to version 2.19.0 is affected by a DoS via unrestricted access request flooding at the endpoint /signalk/v1/access/requests. The issue arises from unbounded in-memory storage of access requests, leading to a JavaScript heap out of memory and server crash when handling ...
CVE-2025-67623 WordPress 6Storage Rentals plugin <= 2.22.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery. This issue affects 6Storage Rentals: from n/a through <= 2.22.0...
CVE-2025-57352
CVE-2025-57352 affects the min-document package prior to 2.19.0 and is a prototype pollution issue via removeAttributeNS, triggered by input involving __proto__. IBM confirms affected products in connected bulletins: IBM Business Automation Workflow (containers and traditional), IBM Concert Software...
CVE-2025-28041
Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication...
CVE-2025-45607
An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request...
iTranswarp security vulnerability
iTranswarp is a full-featured CMS by Crypto Michael Individual Developers. A security vulnerability exists in iTranswarp version v2.19, which stems from improper authentication in the /manage/ component and could lead to an authentication bypass...
Exploit for CVE-2024-54160
CVE-2024-54160-Opensearch-HTML-Injection + Stored XSS It w...
DEBIAN-CVE-2022-23514
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
DEBIAN-CVE-2022-23516
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
UBUNTU-CVE-2022-23516
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
GeoServer code issue vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer that originates from an option for setting up proxy hosts, through which SSRF is possible. The following products and versions are affected: versions...
CVE-2020-8952
Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter...
CloudBees Jenkins Stored Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. LTS is a long-term support for...