CVE-2026-9757

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

CVE-2026-33937

A flaw was found in Handlebars. An attacker can exploit this by supplying a crafted Abstract Syntax Tree AST object to the Handlebars.compile function. This allows the injection and execution of arbitrary JavaScript code due to improper sanitization of the value field in NumberLiteral AST nodes...

CVE-2019-25587 BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...

CVE-2019-25564

Summary : CVE-2019-25564 affects PCHelpWareV2 1.0.0.5. The vulnerability is a local, denial-of-service issue triggered by an excessively long string in the Group field, where a buffer overflow payload can be pasted into the Group property and cause the application to crash. The connected records ...

CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input...

CVE-2021-47818 DupTerminator 1.4.5639.37199 - Denial of Service

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows ...

CVE-2025-66404

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the execinpod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

CVE-2025-66404

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the execinpod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

CVE-2025-66404 mcp-server-kubernetes potential security issue in exec_in_pod tool

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the execinpod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

CVE-2025-66404 mcp-server-kubernetes potential security issue in exec_in_pod tool

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the execinpod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

SUSE CVE-2021-20329

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...

CVE-2025-9624 OpenSearch 3.2.0 - Nested Boolean/Disjunction asymmetric DoS

A vulnerability in OpenSearch allows attackers to cause Denial of Service DoS by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...

OESA-2025-2686 python-ldap security update

python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...

CVE-2025-61911

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...

CVE-2025-61911 python-ldap has sanitization bypass in ldap.filter.escape_filter_chars

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...

EUVD-2025-33797

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...

EUVD-2021-13946

Malware in sbrugna...

EUVD-2000-0857

Malware in sbrugna...

EUVD-2014-3853

Malware in sbrugna...