10 matches found
Security Bulletin: Netty Decompression Decoders Allow Unbounded Buffer Allocation Leading to DoS (Fixed in 4.1.125/4.2.5)
Summary: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...
WordPress plugin Podlove Podcast Publisher Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. An input validation error...
PT-2025-33376 · Woocommerce · Primer Mydata For Woocommerce
Name of the Vulnerable Software and Affected Versions: Primer MyData for Woocommerce versions through 4.2.5. Description: The software contains a Reflected Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. Recommendations: Update Primer MyData for...
PT-2025-33372 · Themovation · Themovation Stratus
Name of the Vulnerable Software and Affected Versions: Themovation Stratus versions through 4.2.5. Description: Themovation Stratus is susceptible to a missing authorization issue stemming from incorrectly configured access control security levels. Recommendations: Update Themovation Stratus to a...
CVE-2025-8835
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack...
JasPer Security Vulnerability
Jasper is a flexible and powerful GitHub issue reader open-sourced by Jasper. A security vulnerability exists in JasPer 4.2.5 and earlier versions, which stems from the presence of reachable assertions in the jpc_floorlog2 function...
PT-2024-33655 · Woocommerce · Event Manager For Woocommerce
Name of the Vulnerable Software and Affected Versions: Event Manager for WooCommerce versions 4.2.5 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks...
WordPress Plugin AppPresser Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Cybozu Garoon Directory Traversal Vulnerability (CNVD-2017-25382)
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin boards, document management, and other functions, and supports free switching among three languages: Chinese, Japanese, and English. A directory traversal...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2017-25383)
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin boards, document management, and other functions, and supports free switching among three languages: Chinese, Japanese, and English. A cross-site scripting...