15 matches found
CVE-2026-40989
Under infinite recursion in the routing layer, request-handling can cause an OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16; Spring Cloud Function 4.1.x: versions prior to 4.1.10; Spring Cloud Function 4.2.x: versions prior to 4.2.6; Spring Cloud...
CVE-2025-57282
CVE-2025-57282 affects ngrok v4.3.3 and 5.0.0-beta.2 and is described as vulnerable to Command Injection. The connected documents confirm the affected software and the vulnerability class but do not provide exploitation details, root cause specifics, or remediation steps beyond what is stated. No...
CVE-2025-57282
ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection...
CVE-2026-32448
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS. This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...
CVE-2026-3100
The FTP Backup on the ADM does not strictly enforce TLS certificate verification when connecting to an FTP server using FTPES/FTPS. Improperly validated TLS/SSL certificates allow a remote attacker to intercept network traffic and perform a Man-in-the-Middle (MitM) attack, which may...
CVE-2026-27744
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
CVE-2026-27745 SPIP interface_traduction_objets < 2.2.2 Authenticated RCE
The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
EUVD-2026-4337
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS. This issue affects Stylish Cost Calculator: from n/a through = 8.1.8...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002968)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002968 advisory. The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service use-after-free and...
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
CVE-2024-53619
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...
SUSE CVE-2021-20234
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability...
DEBIAN-CVE-2021-20237
An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a...
PT-2019-7670 · WordPress · Wp-Database-Backup
Name of the Vulnerable Software and Affected Versions: wp-database-backup plugin versions prior to 4.3.3 Description: The issue concerns a CSRF problem in the wp-database-backup plugin for WordPress. Recommendations: For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the iss...
CVE-2017-13072
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject JavaScript code...