Lucene search

46 matches found

Patchstack
added 3 days ago | 5 views

WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Niv Kochan in WordPress Plugin Montonio for WooCommerce versions <= 10.1.2...

AI score 5.8
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/05/13 12:11 p.m. | 6 views

WordPress MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure And Plugin Integration Reset vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Google Analytics by Monster Insights versions <= 10.1.2...

CVSS 7.1 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/12 10:24 p.m. | 15 views

CVE-2026-5371

The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable through missing capability checks on get_ads_access_token() and reset_experience() in all versions up to 10.1.2. The issue allows authenticated attackers with Subscriber-lev...

CVSS 7.1 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/28 12:00 a.m. | 2 views

Fedora 44 : trafficserver (2026-7839a46d9d)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7839a46d9d advisory. Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling...

CVSS 7.5 | AI score 8.1 | EPSS 0.00406
Exploits: 0 | References: 3

CVE
added 2026/04/02 3:55 p.m. | 7 views

CVE-2025-65114

Apache Traffic Server is affected by a vulnerability where malformed chunked message bodies enable request smuggling. Affected versions are 9.0.0–9.2.12 and 10.0.0–10.1.1. The issue is mitigated by upgrading to 9.2.13 or 10.1.2, which address the bug. No exploitation details are provided in the d...

CVSS 7.5 | AI score 5.8 | EPSS 0.00298
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/04/02 12:00 a.m. | 2 views

PT-2026-29792

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

CVSS 7.5 | AI score 6 | EPSS 0.00406
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-12789

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00363
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-1955

Malware in sbrugna...

CVSS 8 | AI score 6.5 | EPSS 0.00027
Exploits: 1 | References: 10

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2023-42141

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00635
Exploits: 0 | References: 3

RedhatCVE
added 2025/02/06 3:57 a.m. | 8 views

CVE-2021-39170

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually...

CVSS 8 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 1

OSSF Malicious Packages
added 2024/11/20 6:06 p.m. | 3 views

Malicious code in spid-gc-ui-leaderboard (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3d8763b265bbae0905c18ebc08f6172c04bcfde90c538984eb52d0a5902507ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 1

ATTACKERKB
added 2023/11/17 6:15 a.m. | 1 view

CVE-2023-38314

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS a Denial-of-Servic...

CVSS 6.5 | AI score 6.6 | EPSS 0.00629
Exploits: 0 | References: 4

OSV
added 2023/11/17 6:15 a.m. | 1 view

DEBIAN-CVE-2023-38322

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a dobinauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. The issue...

CVSS 7.5 | AI score 7.2 | EPSS 0.00635
Exploits: 0 | References: 1

OSV
added 2023/11/17 6:15 a.m. | 0 views

UBUNTU-CVE-2023-38322

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a dobinauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. The issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.00635
Exploits: 0 | References: 4

CNNVD
added 2023/11/17 12:00 a.m. | 1 view

openNDS Code Issues Vulnerabilities

openNDS is an open source, high-performance, small-footprint portal system. A code issue vulnerability exists in versions prior to openNDS 10.1.2 that stems from the presence of a NULL pointer dereference, which can be exploited by an attacker to cause a denial of service...

CVSS 6.5 | AI score 6.8 | EPSS 0.00629
Exploits: 0 | References: 4

CNNVD
added 2023/11/17 12:00 a.m. | 0 views

openNDS Code Issues Vulnerabilities

openNDS is an open source, high-performance, small-footprint portal system. A code issue vulnerability exists in versions prior to openNDS 10.1.2 that stems from the presence of a NULL pointer dereference, which can be exploited by an attacker to cause a denial of service...

CVSS 7.5 | AI score 6.8 | EPSS 0.00635
Exploits: 0 | References: 4

OpenVAS
added 2023/01/04 12:00 a.m. | 23 views

Apache Tomcat JsonErrorReportValve Injection Vulnerability (Jan 2023) - Linux

Apache Tomcat is prone to a JsonErrorReportValve injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 | AI score 7.6 | EPSS 0.00889
Exploits: 0 | References: 4

Tenable Nessus
added 2023/01/03 12:00 a.m. | 11 views

Apache Tomcat < 10.1.2 Vulnerability

Binary data 701432.pasl...

CVSS 7.5 | AI score 7.3 | EPSS 0.00889
Exploits: 0 | References: 2

OSV
added 2021/09/01 6:21 p.m. | 23 views

GHSA-2V88-QQ7X-XQ5F Improper Encoding or Escaping of Output in Asset Metadata Component

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually...

CVSS 8 | AI score 6.2 | EPSS 0.00027
Exploits: 1 | References: 8

Github Security Blog
added 2021/09/01 6:21 p.m. | 31 views

Improper Encoding or Escaping of Output in Asset Metadata Component

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually...

CVSS 8 | AI score 5.3 | EPSS 0.00027
Exploits: 1 | References: 8 | Affected Software: 1