49 matches found
CVE-2026-25058
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meetingid that returns transcript data for any meeting without any authentication or...
CLEANSTART-2026-FN44356 Security fixes for CVE-2022-29526, CVE-2025-47907, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.10-r0, 0.11-r0, 0.9-r0, 0.9-r1, 0.9-r2
Multiple security vulnerabilities affect the druid-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
SUSE CVE-2026-25591
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
EUVD-2016-2340
Malware in sbrugna...
EUVD-2025-28336
Malicious code in bioql PyPI...
CVE-2025-49983
Server-Side Request Forgery (SSRF) vulnerability in Joe Hoyle WPThumb wp-thumb allows Server Side Request Forgery. This issue affects WPThumb: from n/a through <= 0.10...
CVE-2025-49983 WordPress WPThumb plugin <= 0.10 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Joe Hoyle WPThumb allows Server Side Request Forgery. This issue affects WPThumb: from n/a through 0.10...
CVE-2021-21316
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. .less files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...
WordPress plugin Personizely cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
com.github.zhkl0228:netguard (>=0.0.5 <=0.0.6), tech.kwik:flupke (>=0.5.4 <=0.6) +5 more potentially affected by CVE-2025-23020 via tech.kwik:kwik (=0.10)
tech.kwik:kwik MAVEN version =0.10 is affected by a known vulnerability. The following packages have a transitive dependency on tech.kwik:kwik and may be impacted: - com.github.zhkl0228:netguard =0.0.5, =0.5.4, =0.6 - tech.kwik:kwik-cli =0.10 - tech.kwik:kwik-h09 =0.10 - tech.kwik:kwik-interop...
CVE-2024-38523
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weaken its one-time nature. Specifically, the lack of 2FA for changing security settings allows an attacker with CSRF or XSS primitives to...
CVE-2024-38523
Hush Line vulnerability CVE-2024-38523 affects the Hush Line OTP flow. The issue is a lack of 2FA for changing security settings, enabling an attacker using CSRF or XSS primitives to alter settings without user interaction and credentials being required. The problem is mitigated in version 0.10. ...
CVE-2024-38523 Hush Line OTP issue
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weaken its one-time nature. Specifically, the lack of 2FA for changing security settings allows an attacker with CSRF or XSS primitives to...
Net-IPv4Addr Security Vulnerability
Net-IPv4Addr is an open source Perl module from metacpan for working with IPv4 addresses. A security vulnerability exists in Net-IPv4Addr version 0.10 that stems from not properly filtering IP address strings that begin with 0, allowing an attacker to bypass IP address-based access control...
PT-2024-11203 · Unknown +1 · Net::Ipv4Addr +1
Name of the Vulnerable Software and Affected Versions: Net::IPV4Addr module version 0.10 for Perl Description: The issue arises from the Net::IPV4Addr module's improper handling of extraneous zero characters in IP address strings. This can lead to the bypassing of access control mechanisms that...
SUSE CVE-2013-4450
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response...
SUSE CVE-2020-21831
A heap-based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read2004sectionhandles ../../src/decode.c:2637...
SUSE CVE-2020-21835
A null pointer dereference issue exists in GNU LibreDWG 0.10 via read2004compressedsection ../../src/decode.c:2337...