12 matches found
CVE-2026-49476 Soup Sieve: Memory Exhaustion via Large Comma-Separated Selector Lists in soupsieve
Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...
CVE-2026-49477
Soup Sieve (CSS selector engine used by Beautiful Soup 4) Before 2.8.4 contains a regular-expression backtracking bug in soupsieve/css_parser.py (VALUE pattern) that enables catastrophic backtracking on unterminated quoted attribute values, causing CPU exhaustion and potential DoS when compiling ...
WordPress XT Floating Cart for WooCommerce plugin <= 2.8.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin XT Floating Cart for WooCommerce versions = 2.8.4...
PT-2026-20281
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save frontend event submission function accepting a user-controlled event id parameter and updating the...
CVE-2022-28444
UCMS v1.6 was discovered to contain an arbitrary file read vulnerability...
AZL-59334 CVE-2025-1734 affecting package php for versions less than 8.3.19-1
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers missing a colon : are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...
PT-2025-2473 · WordPress · Wp Mobile Menu
Name of the Vulnerable Software and Affected Versions: WP Mobile Menu versions n/a through 2.8.4.3 Description: A Cross-Site Request Forgery CSRF issue affects the WP Mobile Menu, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendations: For...
WordPress plugin Crayon Syntax Highlighter Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Welcart e-Commerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2022-41910
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
CVE-2022-28438
creationtimestamp| type| source ---|---|--- 2022-04-22 00:33:09+00:00| seen| https://t.me/cibsecurity/41287...
Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
Multiple vulnerabilities exist in the lynx-2.8.4 package of the Red Hat Enterprise Linux operating system. Exploitation of these vulnerabilities may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...