com.cognifide.aet:jobs (>=2.0.0 <=3.2.2), com.cognifide.aet:w3chtml5validator (>=2.0.0 <=3.2.2) +3 more potentially affected by CVE-2025-15104 via nu.validator:validator (>=15.3.28 <=26.5.29)

nu.validator:validator MAVEN version =15.3.28, =2.0.0, =2.0.0, =1.0, =1.0, =0.0.1, =1.0.0 Source cves: CVE-2025-15104 Source advisory: SNYK:JAVA-NUVALIDATOR-15010790...

Server-side Request Forgery (SSRF)

Overview nu.validator:validator is an A library of string validators and sanitizers. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper implementation of localhost bypass protection. An attacker can cause the server to initiate arbitrary HTTP ...

WordPress Antideo Email Validator plugin <= 1.0.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Antideo Email Validator versions = 1.0.10...

CVE-2025-14853

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVE-2025-14853 LEAV Last Email Address Validator <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVE-2025-14853 LEAV Last Email Address Validator <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

PT-2026-3224

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the display settings page function. This makes it possible for unauthenticated attackers to modify plugin settings vi...

WordPress LEAV Last Email Address Validator plugin <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin LEAV Last Email Address Validator versions = 1.7.1...

CVE-2019-18413

In TypeStack class-validator 0.10.2, validate input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not...

CVE-2022-23623

Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through validators/ folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific...

CVE-2025-1781

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery SSRF. This could be exploited to read arbitrary local files if an attacker has access to exception messages...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000175)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000175 advisory. In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of...

PT-2026-27683

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s ALSA subsystem related to USB audio handling. Specifically, the validator table for UAC3 AC header descriptors incorrectly uses UAC VERSION 2 instead ...

CVE-2025-62091

Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce...

CVE-2025-62091 WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.8.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce...

EUVD-2025-205947

Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.8.2...

CVE-2025-62091 WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.8.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.8.2...

CVE-2025-62091

CVE-2025-62091 is a Missing Authorization vulnerability in the WordPress plugin Serial Codes Generator and Validator with WooCommerce Support, affecting versions from n/a through

WordPress DeBounce Email Validator plugin <= 5.8.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin DeBounce Email Validator versions = 5.8.0...

PT-2025-54339

Name of the Vulnerable Software and Affected Versions Vollstart Serial Codes Generator and Validator with WooCommerce Support versions through 2.8.2 Description The software contains a missing authorization issue stemming from incorrectly configured access control security levels. This allows for...