44 matches found
GHSA-PJWM-PJ3P-43MV axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
Summary shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe still routes through the...
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...
CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...
PT-2026-2950
Name of the Vulnerable Software and Affected Versions Undici versions prior to 7.18.0 Undici versions prior to 6.23.0 Description Undici is an HTTP/1.1 client for Node.js. A malicious server can insert thousands of compression steps due to an unbounded number of links in the decompression chain a...
CVE-2025-60739
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-34517
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
CVE-2025-34183
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential...
Linux Distros Unpatched Vulnerability : CVE-2017-10365
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.18 and earlier. Easily...
Linux Distros Unpatched Vulnerability : CVE-2017-3644
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.7.18 and earlier. Easily...
Linux Distros Unpatched Vulnerability : CVE-2017-3643
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.7.18 and earlier. Easily...
Linux Distros Unpatched Vulnerability : CVE-2017-3642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.18 and earlier. Easily...
Linux Distros Unpatched Vulnerability : CVE-2017-3645
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.18 and earlier. Easily...
CVE-2023-34099
Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7....
CVE-2020-2718
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications component: Core. Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2024-8107
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
WordPress Slider Revolution plugin <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Slider Revolution versions = 6.7.18...
Pluck 安全漏洞
Pluck is a small and simple content management system written in PHP by Pluck CMS Open Source. A security vulnerability exists in Pluck version 4.7.18, which stems from an incorrect path restriction to a restricted directory that could allow an unauthenticated attacker to extract sensitive...
PT-2024-30268 · Pluck Cms · Pluck Cms
Name of the Vulnerable Software and Affected Versions: Pluck CMS version 4.7.18 Description: The issue allows attackers to execute a brute force attack due to the lack of restriction on failed login attempts. Recommendations: For Pluck CMS version 4.7.18, consider implementing a custom restrictio...
Shopware 信息泄露漏洞
Shopware is a set of open source e-commerce software from the German company Shopware. An information disclosure vulnerability exists in Shopware versions prior to 5.7.18, which stems from an incorrect configuration in the htaccess file, which can read the Javascript configuration file...