17 matches found
CVE-2026-39646
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map (leaflet-map) allows Stored XSS. This issue affects Leaflet Map: from n/a through <= 3.4.4...
DEBIAN-CVE-2026-33151
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
CVE-2026-33151 socket.io allows an unbounded number of binary attachments
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
CVE-2026-33151
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
PT-2026-20691
Missing Authorization vulnerability in PSM Plugins SupportCandy (supportcandy) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SupportCandy: from n/a through <= 3.4.4...
CVE-2025-55039 Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...
AstrBot Security Vulnerability
AstrBot is a multi-platform LLM chatbot and development framework open-sourced by AstrBot. A security vulnerability exists in AstrBot versions 3.4.4 through 3.5.12, which stems from a path traversal flaw that could lead to the disclosure of sensitive information...
AZL-61958 CVE-2025-4969 affecting package libsoup for versions less than 3.4.4-9
A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated...
AZL-60426 CVE-2025-32907 affecting package libsoup for versions less than 3.4.4-7
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...
PT-2024-34238 · Unknown · Fla-Shop.Com Interactive World Map
Name of the Vulnerable Software and Affected Versions: Fla-shop Interactive World Map versions 3.4.4 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks...
PT-2024-23910 · Woocommerce · Algolplus Advanced Order Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: AlgolPlus Advanced Order Export For WooCommerce versions 3.4.4 and earlier. Description: The issue is related to improper control of code generation, allowing code injection. This can potentially lead to unauthorized access or execution of...
PT-2024-24898 · WordPress · Rate My Post – Wp Rating System
Name of the Vulnerable Software and Affected Versions: Rate my Post – WP Rating System versions 3.4.4 and earlier. Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability in the FeedbackWP Rate my Post – WP Rating System. Recommendations: For versions...
PT-2023-21955 · Vladimir Statsenko · Terms Descriptions Plugin
Name of the Vulnerable Software and Affected Versions: Vladimir Statsenko Terms descriptions plugin versions <= 3.4.4. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...
PT-2018-11169 · Cryptolib · Cryptolib
Name of the Vulnerable Software and Affected Versions: cryptlib versions 3.4.4 and earlier. Description: The issue allows a memory-cache side-channel attack on DSA and ECDSA signatures, also known as the Return Of the Hidden Number Problem (ROHNP). To discover a key, the attacker needs access to...
Red Hat oVirt Engine Information Disclosure Vulnerability
Red Hat oVirt Engine is an open source virtualization management platform, an open source version of the RHEV platform for enterprise virtualization, consisting of an oVirt-node client and an ovirt-engine manager. A security vulnerability exists in Red Hat oVirt Engine 3.4.4 and earlier versions, whe...