CVE-2026-22809

tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...

CVE-2026-22809

tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...

CVE-2026-22809 tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability

tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...

CVE-2026-22809

tarteaucitron.js has a ReDoS vulnerability in the handling of the issuu_id parameter, fixed in version 1.29.0. Prior to 1.29.0, insufficiently constrained regex could cause excessive backtracking and CPU consumption. Upgrading to 1.29.0 or applying the mitigation described in public advisories is...

PT-2026-2796

Name of the Vulnerable Software and Affected Versions tarteaucitron.js versions prior to 1.29.0 Description A Regular Expression Denial of Service ReDoS issue exists in tarteaucitron.js when handling the issuu id parameter. This could lead to a denial of service. Recommendations Update to version...

EUVD-2024-40587

Malicious code in bioql PyPI...

CVE-2024-53382

Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

CVE-2024-29777

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator.This issue affects Forminator: from n/a through = 1.29.0...

Bruno IDE Desktop Command Injection Vulnerability

Bruno IDE Desktop prior to 1.29.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed Description Timeline of Disclosure Thanks & Acknowledgements References =====...

Authorization Bypass Through User-Controlled Key

Overview khoj is a Your Second Brain Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the updatesubscription endpoint. An authenticated attacker can modify other users' Stripe subscriptions by manipulating the email parameter in the...

Kubernetes 安全漏洞

Kubernetes K8s is an open source system for automating the deployment, scaling, and management of containerized applications from Kubernetes Open Source. A security vulnerability exists in Kubernetes that stems from allowing arbitrary commands to be executed via a specially crafted gitRepo volume...

PT-2024-30799 · Unknown · Jeroen Peters Name Directory

Name of the Vulnerable Software and Affected Versions: Jeroen Peters Name Directory versions 1.29.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations:...

WordPress plugin Name Directory 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

Amazon Linux 2 : cri-tools (ALAS-2024-2568)

The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2568 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...

CVE-2024-28890

Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service DoS...

CVE-2024-1794

The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. 3gpp file in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

WordPress Forminator plugin <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Forminator versions = 1.29.0...

CVE-2024-29777

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0...

PT-2024-23019 · Wpmu Dev · Wpmu Dev Forminator

Name of the Vulnerable Software and Affected Versions: WPMU DEV Forminator versions 1.29.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can...

Google Protobuf Go Module 1.29 < 1.29.1 DoS

The version of Google Protobuf module for Go is affected by a denial of service DoS vulnerability. Parsing invalid messages with a minus sign or whitespace can lead to a denial of service. Note that Nessus has not tested for these issues but has instead relied only on the application's...