17 matches found

ATTACKERKB
added 2026/05/26 9:27 p.m. · 5 views

CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

5.1 CVSS · 5.9 AI score · 0.00052 EPSS
Exploits 0 · References 3 · Affected Software 1
EUVD
added 2026/05/05 7:34 p.m. · 4 views

EUVD-2026-27091

Prometheus: Remote read endpoint allows denial of service via crafted snappy payload...

7.5 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 6
ATTACKERKB
added 2026/05/04 6:13 p.m. · 2 views

CVE-2026-42154

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

7.5 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2026/01/30 3:11 p.m. · 23 views

CVE-2026-25050 Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames (email addresses). In packages/core/src/config/auth/native-authentication-strategy.t...

6.9 CVSS · 0.00021 EPSS
Exploits 1 · References 2
EUVD
added 2025/12/16 7:21 a.m. · 1 views

EUVD-2025-203523

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the runcallback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...

5.3 CVSS · 4.9 AI score · 0.00119 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 1:50 a.m. · 6 views

CVE-2023-48353

In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed...

4.4 CVSS · 6.8 AI score · 0.0001 EPSS
Exploits 0 · References 1
OSV
added 2025/05/02 3:54 p.m. · 8 views

CVE-2023-53038 scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on lpfc_read_object()'s routine to NULL check pdata. Currently, an early return error is thrown from lpfc_read_object() to protect...

5.5 CVSS · 6 AI score · 0.00056 EPSS
Exploits 0 · References 7
Cvelist
added 2025/03/27 4:43 p.m. · 9 views

CVE-2023-53020 l2tp: close all race conditions in l2tp_tunnel_register()

In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. It modifies the tunnel socket after publishing it. 2. It calls setup_udp_tunnel_sock() on an existing socket without...

0.0002 EPSS
Exploits 0 · References 4
CNNVD
added 2024/07/09 12:0 a.m. · 2 views

Advanced Backups Security Vulnerability

Advanced Backups is a powerful backup mod for My World game by the individual developer Heather White. A security vulnerability exists in Advanced Backups v3.5.3 and earlier versions, which stems from a vulnerability that allows an attacker to write to arbitrary files by restoring a carefully...

5.5 CVSS · 6.9 AI score · 0.00111 EPSS
Exploits 1 · References 3
OSV
added 2024/06/09 1:15 p.m. · 0 views

CVE-2024-32799

Missing Authorization vulnerability in Merv Barrett Easy Property Listings. This issue affects Easy Property Listings: from n/a through 3.5.3...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
OSV
added 2023/12/30 6:30 a.m. · 1 views

GHSA-49JP-CGHC-P5PJ JeecgBoot server-side template injection

SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component...

9.1 CVSS · 7.6 AI score · 0.17615 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/10/17 12:0 a.m. · 2 views

PT-2023-29203 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.2 through 7.4.3.53; Liferay DXP 7.4 before update 54. Description: The issue concerns multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components. These vulnerabilities allow remote attackers ...

9 CVSS · 5.4 AI score · 0.00199 EPSS
Exploits 0 · References 7
Positive Technologies
added 2023/09/08 12:0 a.m. · 3 views

PT-2023-27983 · Jeecg · Jeecg

Name of the Vulnerable Software and Affected Versions: Jeecg versions up to 3.5.3 Description: The issue is an arbitrary file read vulnerability. It can be exploited via the interface "/testConnection". Recommendations: For versions up to 3.5.3, as a temporary workaround, consider restricting...

7.5 CVSS · 6.9 AI score · 0.01938 EPSS
Exploits 1 · References 9
CNVD
added 2019/05/04 12:0 a.m. · 1 views

IBM TRIRIGA Application Platform Information Disclosure Vulnerability (CNVD-2019-13385)

The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...

4.3 CVSS · 6.6 AI score · 0.00163 EPSS
Exploits 0 · References 1
CNVD
added 2018/07/19 12:0 a.m. · 1 views

Command Execution Vulnerability in OTCMS v3.53

Net Titanium Article Management System OTCMS is a simple and good asp article management system. A command execution vulnerability exists in OTCMS v3.53. An attacker can use the vulnerability to obtain website path information and write PHP code to gain server privileges...

7.5 AI score
Exploits 0
OSV
added 2016/09/21 2:25 p.m. · 0 views

UBUNTU-CVE-2016-7143

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter...

8.1 CVSS · 7.3 AI score · 0.01006 EPSS
Exploits 0 · References 2
CNVD
added 2015/04/02 12:0 a.m. · 1 views

IBM Security Access Manager for Web Multicast DNS Information Disclosure Vulnerability

IBM Security Access Manager (ISAM) for Web (formerly known as IBM Tivoli Access Manager for e-business) is a suite of IBM products for user authentication, authorization, and Web single sign-on solutions that provide user access management and Web application protection functions. An information...

5 CVSS · 6.2 AI score · 0.02452 EPSS
Exploits 0 · References 1