
973 matches found

Cvelist
added 2026/01/20 12:0 a.m., 14 views

CVE-2025-56353

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter...

0.00287 EPSS
Exploits 1, References 1

Vulnrichment
added 2026/01/20 12:0 a.m., 3 views

CVE-2025-56353

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter...

5.5 AI score, 0.00287 EPSS
Exploits 1, References 1

CVE
added 2026/01/20 12:0 a.m., 8 views

CVE-2025-56353

CVE-2025-56353 affects the tinyMQTT broker. A memory leak occurs because the broker does not validate or reject malformed UTF-8 strings in topic filters, allowing an attacker to send repeated subscription requests with large/invalid payloads. Each request allocates memory for the malformed to...

7.5 CVSS, 5.5 AI score, 0.00287 EPSS
Exploits 1, References 1, Affected Software 1

CNNVD
added 2026/01/20 12:0 a.m., 4 views

tinyMQTT security vulnerability

tinyMQTT is a pre-sorted tree traversal algorithm library developed by 0x7C9A. There is a security vulnerability in tinyMQTT; this vulnerability arises from the proxy failing to verify or reject malformed UTF-8 strings in topic filters, which may lead to memory leaks and denial-of-service attacks...

7.5 CVSS, 5.8 AI score, 0.00287 EPSS
Exploits 1, References 2

CNNVD
added 2026/01/16 12:0 a.m., 4 views

Mattermost security vulnerabilities

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 10.11.8 and earlier, including 10.11.x, have a security vulnerability. This vulnerability stems from the lack of input validation before processing topic tags, which may allow...

6.5 CVSS, 5.8 AI score, 0.00318 EPSS
Exploits 0, References 2

RedhatCVE
added 2026/01/09 11:20 a.m., 6 views

CVE-2021-22953

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security Research Team"...

5.8 CVSS, 6.9 AI score, 0.00346 EPSS
Exploits 0, References 1

Patchstack
added 2025/12/31 12:0 a.m., 5 views

WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions <= 2.8.50...

6.4 CVSS, 5.3 AI score, 0.00218 EPSS
Exploits 0, References 1, Affected Software 1

EUVD
added 2025/12/30 12:30 p.m., 3 views

EUVD-2025-205765

In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free. Use get_device and put_device in the open and close functions to make sure the device doesn't get freed while a file descriptor is open. Also, lock around the freeing of the device buffer and check...

6.2 AI score, 0.00155 EPSS
Exploits 0, References 4

SUSE CVE
added 2025/12/24 12:31 a.m., 6 views

SUSE CVE-2025-10543

In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions <=1.5.0, UTF-8 encoded strings passed into the library may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server; for example, part of an MQTT topic may leak into...

6.3 CVSS, 6.4 AI score, 0.00189 EPSS
Exploits 0, References 3

Fedora
added 2025/12/20 12:57 a.m., 7 views

[SECURITY] Fedora 43 Update: mqttcli-0.2.8-1.fc43

mqttcli provides two programs pub and sub that allow command-line access to an MQTT broker. sub subscribes to a topic and prints messages received to standard output. pub publishes the provided message to the provided topic. Both programs accept flags that can be provided as a config file...

7.5 CVSS, 6.9 AI score, 0.00586 EPSS
Exploits 0

RedhatCVE
added 2025/12/15 4:34 a.m., 3 views

CVE-2025-13126

The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the post_args and topic_args parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

7.5 CVSS, 6.8 AI score, 0.00322 EPSS
Exploits 0, References 1

EUVD
added 2025/12/14 6:30 a.m., 4 views

EUVD-2025-203280

The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the post_args and topic_args parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

7.5 CVSS, 6.3 AI score, 0.00322 EPSS
Exploits 0, References 6

CVE
added 2025/12/14 4:20 a.m., 15 views

CVE-2025-13126

The CVE-2025-13126 entry concerns the wpForo Forum plugin for WordPress. It is an unauthenticated SQL Injection vulnerability disclosed for all versions up to 2.4.12, caused by insufficient escaping of post_args and topic_args in existing SQL queries, enabling an attacker to append additional SQL...

7.5 CVSS, 6.4 AI score, 0.00322 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/12/14 4:6 a.m., 2 views

CVE-2025-14581

The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submitformreply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level acces...

5.3 CVSS, 5.5 AI score, 0.00218 EPSS
Exploits 0, References 1

CNNVD
added 2025/12/14 12:0 a.m., 3 views

WordPress plugin wpForo Forum SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugi...

7.5 CVSS, 7.6 AI score, 0.00322 EPSS
Exploits 0, References 6

Positive Technologies
added 2025/12/14 12:0 a.m., 4 views

PT-2025-51145

Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin for WordPress versions prior to 2.4.13. Description: The wpForo Forum plugin for WordPress is susceptible to SQL Injection. Insufficient input sanitization on user-supplied parameters and inadequate SQL query preparation allo...

7.5 CVSS, 6.6 AI score, 0.00322 EPSS
Exploits 0, References 12

EUVD
added 2025/12/13 6:30 p.m., 3 views

EUVD-2025-203188

The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submitformreply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level acces...

5.3 CVSS, 5 AI score, 0.00218 EPSS
Exploits 0, References 5

Veracode
added 2025/12/13 5:41 a.m., 5 views

Authenticated SQL Injection

torrentpier/torrentpier is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the topicid parameter in modcp.php, which allows an authenticated moderator to inject malicious SQL queries and exploit the database...

8.8 CVSS, 5.9 AI score, 0.00368 EPSS
Exploits 1, References 3, Affected Software 1

Positive Technologies
added 2025/12/13 12:0 a.m., 5 views

PT-2025-51050

The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submit form reply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level...

5.3 CVSS, 5.5 AI score, 0.00218 EPSS
Exploits 0, References 4

Github Security Blog
added 2025/12/02 9:30 a.m., 8 views

Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes

In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions <=1.5.0, UTF-8 encoded strings passed into the library may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server; for example, part of an MQTT topic may leak into...

6.3 CVSS, 6.8 AI score, 0.00189 EPSS
Exploits 0, References 6, Affected Software 1