6 matches found
CVE-2026-54271 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names
protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...
WordPress Ultimate Addons for Elementor Lite plugin < 2.5.0 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Tony in WordPress Plugin Ultimate Addons for Elementor - Lite versions 2.5.0...
WordPress Ocean Extra plugin <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via oceanwplibrary Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ocean Extra versions = 2.4.9...
AZL-64170 CVE-2025-50181 affecting package python-urllib3 for versions less than 1.26.19-2
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...
Directory Traversal vulnerability in Square Retrofit
Square Retrofit versions from including 2.0 to 2.5.0 excluding contain a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter. By manipulating the URL an attacker could add or delete resources otherwise unavailable to her. This attack appears to be exploitable via an...
CVE-2018-9127
Botan 2.2.0 - 2.4.0 fixed in 2.5.0 improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must alrea...