11 matches found
CVE-2026-41242
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the...
Linux Distros Unpatched Vulnerability : CVE-2025-0755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final...
CVE-2024-23316
HTTP request desynchronization in Ping Identity PingAccess (all versions prior to 8.0.1 are affected) allows an attacker to send specially crafted HTTP header requests to create a request smuggling condition for proxied requests...
CVE-2024-13619
The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2021-24193 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.12.2 and earlier, 8.x versions prior to 8.0.1. Description: The issue allows authenticated SQL injection via the Tooltips action in the Project module, involving resource id and start date. This can be exploited by...
GHSA-5FW9-FQ32-WV5P OS Command Injection in node-notifier
This affects the package node-notifier before 8.0.1. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array...
PT-2020-7645 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: Publify versions prior to 8.0.1. Description: The issue allows for a Denial of Service attack. Recommendations: For versions prior to 8.0.1, update to version 8.0.1 or later to resolve the issue...
NetIQ Sentinel Server Denial of Service Vulnerability
NetIQ Sentinel Server is a security information and event management tool. NetIQ Sentinel Server 8.0 prior to version 8.0.1 has a security vulnerability that can lead to information disclosure and remote denial of service...
NetIQ Sentinel Server Information Disclosure Vulnerability
NetIQ Sentinel Server is a security information and event management tool. NetIQ Sentinel Server 8.0 prior to version 8.0.1 has a security vulnerability that can lead to information disclosure (account enumeration)...
DotNetNuke cross-site scripting vulnerability (CNVD-2016-07083)
DotNetNuke (DNN) is an open source content management system (CMS) from the U.S. company DNN, supported by Microsoft and based on the ASP.NET platform. The system is easy to install, scalable, and feature-rich. A cross-site scripting vulnerability exists in the user-profile area in DNN...
CVE-2016-7119
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element...