37 matches found
PT-2026-27054
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...
Infinite loop
Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the...
CVE-2025-14435
Mattermost versions 10.11.x = 10.11.8, 11.1.x = 11.1.1, 11.0.x = 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops...
CVE-2025-36102
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...
Improper Authorization org.springframework.security:spring-security-core Dependency in Jira Software Data Center and Server
This High severity Improper Authorization vulnerability was introduced in versions 11.01.1 and 11.1.1 of Jira Software Data Center and Server. This vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to expos...
PT-2025-45570
Name of the Vulnerable Software and Affected Versions aaPanel BaoTa versions prior to 11.1.1 Description A SQL injection issue exists in aaPanel BaoTa. The issue is located in the Backend component, specifically within the /database?action=GetDatabaseAccess endpoint. Manipulation of the Name...
CVE-2025-43855
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...
CVE-2025-43855
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...
CVE-2025-43855 tRPC 11 WebSocket DoS Vulnerability
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...
CVE-2025-43855 tRPC 11 WebSocket DoS Vulnerability
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...
CVE-2025-43855 tRPC 11 WebSocket DoS Vulnerability
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...
CVE-2025-43855
CVE-2025-43855 affects tRPC 11 WebSocket servers (versions 11.0.0–11.1.0) where validating malformed connectionParams can throw an unhandled error, crashing the server. Any unauthenticated user can trigger this on WebSocket-enabled servers with a createContext method. The issue has been patched i...
PT-2024-23404 · Lionscripts · Lionscripts Ip Blocker Lite
Name of the Vulnerable Software and Affected Versions: LionScripts IP Blocker Lite versions prior to 11.1.1 Description: The issue is related to an Authentication Bypass by Spoofing, allowing functionality bypass. Recommendations: For versions prior to 11.1.1, update to version 11.1.1 or later to...
CVE-2023-47637
Pimcore is an Open Source Data & Experience Management Platform. In affected versions the /admin/object/grid-proxy endpoint calls getFilterCondition on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of getFilterConditi...
WordPress WooCommerce Blocks Plugin <= 11.1.1 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Blocks Type Plugin Vulnerable versions = 11.1.1 Fixed in 11.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47777 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 99320ddb7175 Credits Rafie Muhammad Patchstack Require...
CVE-2017-20017 The Next Generation of Genealogy Sitebuilding timeline2.php sql injection
A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated...
CVE-2021-42722
Adobe Bridge version 11.1.1 and earlier is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
CVE-2021-42533
Adobe Bridge version 11.1.1 and earlier is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit...
Design/Logic Flaw
Adobe Bridge version 11.1.1 and earlier is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
Design/Logic Flaw
Adobe Bridge version 11.1.1 and earlier is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...