207 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40011
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be...
CVE-2026-40011
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
CVE-2026-40011
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
EUVD-2026-39346
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
CVE-2026-40011 Prometheus denial of service via crafted DNS queries
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
CVE-2026-40011
CVE-2026-40011 describes a denial-of-service condition where sending a large number of crafted DNS queries can cause a dynamic block to be inserted with a value that yields invalid output on the Prometheus endpoint. The Prometheus data may then be rejected by the scraper until the dynamic block e...
CVE-2026-40011 Prometheus denial of service via crafted DNS queries
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
CVE-2026-40011
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
Malicious code in uol-simple-api-futebol (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 962c38ed6ec061ce6a530aeea5a960dfc2b75caec56f7a1bc648f6b6cb655271 The package's only documented function, getJogos default export, unconditionally invokes an internal helper named prepareCacheMatchs which POSTs the...
EUVD-2025-210228
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2025-69131
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2025-69129
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2025-69129 WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2025-69129
CVE-2025-69129 concerns the WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (versions
CVE-2025-69131
Affected software: WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (WordPress). Vulnerability: Unauthenticated Arbitrary File Download in versions
CVE-2025-69131 WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
PT-2026-50082
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
EUVD-2026-36786
An authenticated Server-Side Request Forgery SSRF in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the scraper process. An attacker can access internal network resources by supplying a crafted URL after authenticating. Remediation There is no fixed version for koillection/koillection. References -...
CVE-2026-50888
An authenticated Server-Side Request Forgery SSRF in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...