190 matches found
CVE-2026-32287
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...
CVE-2026-32287
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...
PT-2026-28438
Name of the Vulnerable Software and Affected Versions versions prior to 2026-32287 Description Boolean XPath expressions that evaluate to true can cause an infinite loop within the logicalQuery.Select function, resulting in 100% CPU utilization. This condition can be initiated by top-level...
CVE-2025-12709
The Interactions – Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12709 Interactions – Create Interactive Experiences in the Block Editor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Interactions – Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Plugin Interactions: Cross-Site Script Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
MiracleLinux 9 : redis:7 (AXSA:2025-9608:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9608:01 advisory. redis: Redis' Lua library commands may lead to remote code execution CVE-2024-46981 redis: Redis allows denial-of-service due to malformed ACL...
MiracleLinux 9 : redis:7 (AXSA:2024-9438:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9438:01 advisory. redis: Redis SORTRO may bypass ACL configuration CVE-2023-41053 redis: possible bypass of Unix socket permissions on startup CVE-2023-45145 redis:...
CVE-2021-22101
Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of ServiceDoS vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with labelselectors on multiple V3 endpoints by generating an enormous SQL query...
CVE-2022-0969
The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability i...
CVE-2020-10242
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...
Incomplete Filtering
validator is vulnerable to Incomplete Filtering.The vulnerability is due to improper handling of Unicode variation selectors \uFE0F, \uFE0E, where these characters are not counted toward string length, allowing attackers to submit inputs far longer than intended and potentially causing data...
Exploit for CVE-2025-12758
CVE-2025-12758: Validator.js isLength Unicode Variation Sele...
Malicious Package
Overview chain-selectors is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-199912
Malicious code in chain-selectors npm...
Malicious code in chain-selectors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb7c7965dde4649d4adda7307f395134f22ed654c9a20b2c7dc9ea1b0c1dad9 The package chain-selectors was found to contain malicious code. Source: ghsa-malware 5632dc92ff1221e72c077781c43c1482a1a40fd5c703f95dd209890a4aa7941...
MAL-2025-191487 Malicious code in chain-selectors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb7c7965dde4649d4adda7307f395134f22ed654c9a20b2c7dc9ea1b0c1dad9 The package chain-selectors was found to contain malicious code. Source: ghsa-malware 5632dc92ff1221e72c077781c43c1482a1a40fd5c703f95dd209890a4aa7941...
CVE-2025-12758
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...
EUVD-2025-199795
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...
GHSA-VGHF-HV5Q-VC2G Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...