
38 matches found

Vulnrichment
added 6 days ago | 5 views

CVE-2026-40989 Self Routing guard bypassed via function composition

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

CVSS 5.7 | AI score 5.8 | EPSS 0.00066
Exploits: 0 | References: 1

OpenVAS
added 2025/12/03 12:0 a.m. | 7 views

Django 4.2.x < 4.2.27, 5.0.x < 5.1.15, 5.2.x < 5.2.9 Multiple Vulnerabilities - Linux

Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...

CVSS 7.5 | AI score 7.8 | EPSS 0.00067
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2015-7747

Malware in sbrugna...

CVSS 8.8 | AI score 7.6 | EPSS 0.03728
Exploits: 0 | References: 8

Tenable Nessus
added 2025/04/10 12:0 a.m. | 2 views

Moodle 4.3.x < 4.3.7 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.13, 4.2.x prior to 4.2.10, 4.3.x prior to 4.3.7, or 4.4.x prior to 4.4.3. It is, therefore, affected by multiple vulnerabilities. - A lesson activity password bypass through PHP loose...

CVSS 7.5 | AI score 7.3 | EPSS 0.00393
Exploits: 0 | References: 9

Tenable Nessus
added 2024/11/05 12:0 a.m. | 3 views

Mastodon 4.2.x < 4.2.9 Multiples Vulnerabilities

According to its self-reported version number, the Mastodon application running on the remote host is prior to 4.1.17 or 4.2.x prior to 4.2.9. It is, therefore, affected by multiples vulnerabilities : - Private mention filtering can be bypassed - Missing rate-limit to password change endpoint -...

CVSS 7.5 | AI score 7.7 | EPSS 0.00197
Exploits: 0 | References: 4

Tenable Nessus
added 2024/07/10 12:0 a.m. | 7 views

Wireshark 4.2.x < 4.2.6 A Vulnerability

The version of Wireshark installed on the remote Windows host is prior to 4.2.6. It is, therefore, affected by a vulnerability as referenced in the wireshark-4.2.6 advisory. - The SPRT dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire ...

CVSS 5.5 | AI score 6.8 | EPSS 0.00079
Exploits: 0 | References: 4

Positive Technologies
added 2024/01/04 12:0 a.m. | 2 views

PT-2024-14522 · Spip · Spip

Name of the Vulnerable Software and Affected Versions: SPIP versions 4.1.3 and earlier SPIP versions 4.2.x through 4.2.6 Description: The issue arises from the ecrire/public/assembler.php file in SPIP, where input from request is not restricted to safe characters, such as alphanumerics, allowing...

CVSS 6.1 | AI score 5.9 | EPSS 0.00188
Exploits: 0 | References: 19

OpenVAS
added 2023/11/07 12:0 a.m. | 15 views

QNAP QTS OS Command Injection Vulnerability (QSA-23-35)

QNAP QTS is prone to an OS command injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts";...

CVSS 9.8 | AI score 7.7 | EPSS 0.11812
Exploits: 0 | References: 1

Positive Technologies
added 2022/04/25 12:0 a.m. | 1 views

PT-2022-12427 · Terramaster · Terramaster F2-210 +2

Name of the Vulnerable Software and Affected Versions: Terramaster F4-210, F2-210 TOS version 4.2.X 4.2.15-2107141517 Description: The issue allows for the execution of arbitrary commands as root by sending a specifically crafted input to the "/tos/index.php?app/del" API endpoint. Recommendations...

CVSS 10 | AI score 9.5 | EPSS 0.81079
Exploits: 4 | References: 4

Tenable Nessus
added 2022/03/14 12:0 a.m. | 15 views

WordPress 4.2.x < 4.2.32 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists via wpfilterglobalstylespost. - A prototype pollution exists via the Gutenberg wordpress/url package. Note that the...

AI score 6
Exploits: 0 | References: 3

OpenVAS
added 2021/12/16 12:0 a.m. | 10 views

MongoDB DoS Vulnerability (SERVER-36263) - Windows

MongoDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...

CVSS 6.5 | AI score 6.3 | EPSS 0.00378
Exploits: 0 | References: 1

Cvelist
added 2021/10/12 6:8 p.m. | 11 views

CVE-2021-42326

Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter...

AI score 5.4 | EPSS 0.00506
Exploits: 0 | References: 5

OpenVAS
added 2021/07/26 12:0 a.m. | 10 views

MongoDB Log Spoofing Vulnerability (SERVER-50605)

MongoDB is prone to a log spoofing vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if descriptio...

CVSS 5.3 | AI score 5.4 | EPSS 0.00375
Exploits: 1 | References: 1

OSV
added 2021/02/11 10:15 a.m. | 1 views

CVE-2021-20335

For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and c...

CVSS 4.6 | AI score 5.8 | EPSS 0.00056
Exploits: 0 | References: 1

IBM Security Bulletins
added 2020/05/21 3:16 p.m. | 28 views

Security Bulletin: Vulnerabilities in Swagger affects WebSphere Application Server Liberty

Summary There are vulnerabilities in Swagger that affects WebSphere Application Server Liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information,...

CVSS 9.8 | AI score 1 | EPSS 0.11565
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2020/01/09 8:32 p.m. | 22 views

Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1783).

Summary Db2 LUW is affected by a vulnerability in IBM® Spectrum Scale Version 4.1.x and 4.2.x that is used by Db2® pureScale™ Feature on AIX and Linux. IBM Spectrum Scale is previously known as General Parallel File System GPFS. Vulnerability Details CVEID: CVE-2018-1783 DESCRIPTION: IBM GPFS IBM...

CVSS 5.5 | AI score 0.1 | EPSS 0.0005
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2018/11/05 12:0 a.m. | 38 views

WordPress 4.2.x < 4.2.11 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...

CVSS 9.8 | AI score 10 | EPSS 0.94418
Exploits: 66 | References: 11

IBM Security Bulletins
added 2018/10/25 8:55 p.m. | 21 views

Security Bulletin: Vulnerability in WebSphere Liberty ORB client

Summary There's a vulnerability in WebSphere Liberty ORB client used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1683 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, cause...

CVSS 7.5 | AI score 1.5 | EPSS 0.00169
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:50 p.m. | 10 views

Security Bulletin: IBM Streams is potentially affected by a vulnerability caused by parsing text in the Web Console

Summary The IBM Streams Web console is potentially vulnerable to cross-site scripting and other related attacks. IBM Streams has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-1431 DESCRIPTION: IBM InfoSphere Streams is vulnerable to cross-site scripting. This vulnerability...

CVSS 5.4 | AI score 2 | EPSS 0.00237
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:9 a.m. | 41 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and IBM® Runtime Environment Java™ Version 7 used by TPF Toolkit. These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018. Vulnerability Details CVEID: CVE-2017-1035...

CVSS 8.3 | AI score 1.5 | EPSS 0.00701
Exploits: 0 | Affected Software: 1