Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service
Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, an...
GHSA-XRW6-GWF8-VVR9 Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service
Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, an...
PT-2026-31658
Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, an...
WordPress List Category Posts plugin <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode vulnerability
Authenticated (Contributor+) SQL Injection via Plugin's Shortcode vulnerability discovered by Khanh Nguyen - BlueRock - BlueRock in WordPress Plugin List category posts versions <= 0.91.0...
EUVD-2025-37418
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-11377
The CVE-2025-11377 case is supported by multiple connected sources: WordPress List category posts plugin 0.92.0) or follow vendor advisories for fixes. Monitor for updates from CVE databases and the plugin maintainers to confirm remediation efficacy.
CVE-2025-11377 List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
EUVD-2022-7099
Malicious code in bioql PyPI...
CVE-2023-31469 Apache StreamPipes: Privilege escalation through non-admin user
A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...
GHSA-GRV6-M753-3W2G NocoDB vulnerable to Denial of Service
NocoDB prior to 0.92.0 allows actors to insert large characters into the input field "New Project" on the create field, which can cause a Denial of Service (DoS) via a crafted HTTP request. Version 0.92.0 fixes this issue...
CVE-2022-3423
Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0...
Design/Logic Flaw
Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0...