12 matches found
CVE-2026-7790
CVE-2026-7790: Uncontrolled resource consumption in ninenines cowlib (cow_http_te) allows CPU and memory DoS via HTTP/1.1 chunked transfer encoding. The chunk-size field accepts an unbounded number of hex digits, causing O(N^2) CPU work and O(N) memory for N digits; drip-fed input worsens this t...
NextChat Security Vulnerability
NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. NextChat versions 2.16.1 and earlier contain a security vulnerability. This vulnerability stems from improper authorization in the addMcpServer function within the...
PT-2026-28789
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/transcode transcoder without authentication and without restricting the sche...
CVE-2023-4879
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4649
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1...
EUVD-2023-54764
Malicious code in bioql PyPI...
CVE-2023-4655
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1...
WordPress plugin Popup Builder by OptinMonster Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-4928 SQL Injection in instantsoft/icms2
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1...
icms security breach
iCMS is a software application: an efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in icms version 2.16.1-git, which is caused by an External Control of System or Configuration Setting vulnerability...
PT-2023-28131 · Instantsoft · Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1-git. Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input without proper validation, allowing attackers to inject malicious script...
GHSA-RF92-3VJR-W628 Improper Authentication in Jenkins Active Directory Plugin
Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. The LDAP-based mode in Active Directory Plugin starting in version 1.44 and prior to versions 2.16.1 and 2.20 shares code between user lookup and user authenticatio...