Lucene search

195 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-1875

Malware in sbrugna...

CVSS 6.1, AI score 6.2, EPSS 0.00793
Exploits: 1, References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0221

Malware in sbrugna...

CVSS 6.1, AI score 6.2, EPSS 0.00819
Exploits: 1, References: 4
RedHat Linux
added 2025/08/06 1:49 p.m., 6 views

glibc: Double free in glibc

A double-free vulnerability has been discovered in glibc GNU C Library. This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could...

CVSS 5.9, AI score 7.6, EPSS 0.00151
Exploits: 0, References: 6
RedHat Linux
added 2025/08/05 11:30 a.m., 8 views

glibc: Double free in glibc

A double-free vulnerability has been discovered in glibc GNU C Library. This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could...

CVSS 5.9, AI score 7.6, EPSS 0.00151
Exploits: 0, References: 6
CNVD
added 2025/07/08 12:00 a.m., 3 views

WordPress Tournament Bracket Generator Cross-Site Scripting Vulnerability

WordPress Tournament Bracket Generator is a plugin for generating fixture maps for the knockout stages of tournaments. A cross-site scripting vulnerability exists in WordPress Tournament Bracket Generator, which stems from insufficient input cleanup and escaping, and can be exploited by an attack...

CVSS 6.4, AI score 6.2, EPSS 0.00165
Exploits: 0, References: 1
OSV
added 2025/06/26 2:15 a.m., 2 views

CVE-2025-6290

The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4, AI score 6, EPSS 0.00165
Exploits: 0, References: 2
Cvelist
added 2025/06/26 2:06 a.m., 6 views

CVE-2025-6290 Tournament Bracket Generator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via bracket Shortcode

The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00165
Exploits: 0, References: 2
Vulnrichment
added 2025/06/26 2:06 a.m., 2 views

CVE-2025-6290 Tournament Bracket Generator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via bracket Shortcode

The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5.5, EPSS 0.00165
Exploits: 0, References: 2
CVE
added 2025/06/26 2:06 a.m., 26 views

CVE-2025-6290

Summary: CVE-2025-6290 affects the WordPress plugin “Tournament Bracket Generator” up to version 1.0.0. The root cause is insufficient input sanitization and output escaping in the plugin’s bracket shortcode, enabling a stored Cross-Site Scripting (XSS) attack. Affected component: bracket shortco...

CVSS 6.4, AI score 5.5, EPSS 0.00165
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2025/06/26 12:00 a.m., 3 views

PT-2025-26922 · WordPress · Tournament Bracket Generator

Name of the Vulnerable Software and Affected Versions: Tournament Bracket Generator plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode due to insufficient input sanitization and output...

CVSS 6.4, AI score 6, EPSS 0.00165
Exploits: 0, References: 6
CNNVD
added 2025/06/25 12:00 a.m., 2 views

WordPress plugin Tournament Bracket Generator Cross-Site Scripting Vulnerability

WordPress Tournament Bracket Generator is a plugin for generating fixture maps for the knockout stages of tournaments. A cross-site scripting vulnerability exists in WordPress Tournament Bracket Generator, which stems from insufficient input cleanup and escaping, and can be exploited by an attack...

CVSS 6.4, AI score 6, EPSS 0.00165
Exploits: 0, References: 3
RedhatCVE
added 2025/05/23 6:56 a.m., 4 views

CVE-2024-11716

While assignment of a user to a team bracket in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset its bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...

CVSS 5.3, AI score 6.2, EPSS 0.11659
Exploits: 0, References: 1
OSV
added 2025/05/22 2:49 p.m., 3 views

USN-7280-2 python vulnerability

USN-7280-1 fixed a vulnerability in Python. This update provides the corresponding updates for some additional Python packages in Ubuntu releases. Original advisory details: It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker cou...

CVSS 6.3, AI score 6.8, EPSS 0.01437
Exploits: 0, References: 2
OSV
added 2025/04/18 3:56 p.m., 7 views

CVE-2025-32389 NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure...

CVSS 8.6, AI score 7.9, EPSS 0.00412
Exploits: 1, References: 5
Amazon
added 2025/03/25 12:00 a.m., 2 views

Medium: python

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

CVSS 7.5, AI score 7.2, EPSS 0.02303
Exploits: 1
SUSE Linux
added 2025/02/13 4:11 p.m., 1 view

Security update for python312

This update for python312 fixes the following issues: CVE-2025-0938: Functions urllib.parse.urlsplit and urlparse accept domain names including square brackets bsc1236705. CVE-2024-12254: Unbounded memory buffering in SelectorSocketTransport.writelines bsc1234290. Other bugfixes: Position of SUSE...

CVSS 8.7, AI score 7.7, EPSS 0.01844
Exploits: 0, References: 10
SUSE Linux
added 2025/02/13 10:11 a.m., 1 view

Security update for python3

This update for python3 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 6.3, AI score 7.3, EPSS 0.01437
Exploits: 0, References: 4
SUSE Linux
added 2025/02/10 1:55 p.m., 1 view

Security update for python310

This update for python310 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 6.3, AI score 7.5, EPSS 0.01437
Exploits: 0, References: 4
SUSE CVE
added 2025/02/01 3:47 a.m., 3 views

SUSE CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

CVSS 4, AI score 7, EPSS 0.01437
Exploits: 0, References: 30
OSV
added 2025/01/31 6:15 p.m., 0 views

UBUNTU-CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

CVSS 6.3, AI score 6.7, EPSS 0.01437
Exploits: 0, References: 9