6 matches found
WordPress plugin UsersWP cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Django vulnerable to Uncontrolled Resource Consumption
An issue was discovered in Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
CVE-2025-65300
A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform (feVersion=1760060603897, 2025-10-28) in the Account Settings module, where unsanitized user input in Address fields (City, State, Country/Region) is rendered back to the page. Attackers can inject arbitrary JavaScript...
PT-2024-9685 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.30.8; Envoy versions prior to 1.31.4; Envoy versions prior to 1.32.2. Description: The issue is related to the Happy Eyeballs sorting algorithm in the Envoy proxy, which crashes when additional addresses are not IP...
Upgraded Q -> 2 from #508 [1675443058277]
Judge has assessed an item in Issue 508 as 2 risk. The relevant finding follows: New address and existing address inputs can be the same in upgradeExistingContract
PT-2022-10229 · Unknown +1 · Watsonwebserver +1
Name of the Vulnerable Software and Affected Versions: WatsonWebserver versions 4.1.3 and below; IpMatcher versions 1.0.4.1 and below. Description: An Input Validation issue exists due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses an...