218463 matches found
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Impact The DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the appropriate decompression codec gzip, deflate, zstd and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled ByteBuf...
Malicious code in theta-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbfa69ed41fd4cfb88637f2f5765174105f8c4eb42d4f433fdd05d642e664fa9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-25969
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...
CVE-2023-32959
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...
CVE-2022-45813
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...
EUVD-2023-60590
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...
CVE-2023-32959 WordPress MetroStore theme <= 1.3.2 - Broken Access Control
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...
CVE-2023-32959 WordPress MetroStore theme <= 1.3.2 - Broken Access Control
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...
CVE-2023-32959
CVE-2023-32959 is a WordPress Broken Access Control issue affecting multiple themes (e.g., MetroStore, SparkleStore, Kathmag, Online eStore, Appzend, SpiderMag, BuzzStore, Fitness Park, Sparklestore, etc.) with vulnerable versions generally prior to or equal to 1.x.y depending on the theme. The r...
httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack
A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...
CVE-2023-25969 WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...
EUVD-2023-60589
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...
CVE-2023-25969
CVE-2023-25969 is aBroken Access Control issue reported across multiple WordPress plugins with unauthenticated access. Connected advisories show: Lead Form Elementor Builder: vulnerable <= 1.8.4; fixed in 1.8.5 TH Side Cart and Menu Cart for WooCommerce: vulnerable <= 1.1.1; fixed in 1.1.2 ...
CVE-2023-25969 WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...
EUVD-2022-56005
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...
CVE-2022-45813 WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...
CVE-2022-45813 WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...
CVE-2022-45813
CVE-2022-45813 affects multiple WordPress/WooCommerce plugins via Broken Access Control and authorization bypass concerns. The BeRocket Advanced AJAX Product Filters entry cites a vulnerability in the plug‑in’s access control; Patchstack confirms the issue across several plugins (e.g., Product Ta...
CVE-2026-6269 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect...
CVE-2022-42479
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...