18 matches found
EUVD-2025-209421
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
CVE-2025-31991
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
CVE-2025-31991
The CVE-2025-31991 entries describe a brute-force risk in HCL DevOps Velocity caused by improper enforcement of login rate limiting. Affected software is HCL DevOps Velocity (no specific build details provided beyond the fixed version). The root cause is insufficient restrictions on successive lo...
WordPress plugin Download Monitor security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2025-31990
Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability ...
EUVD-2025-206899
Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability ...
CVE-2025-31990
The CVE-2025-31990 entry concerns HCL Velocity where rate limiting on certain API calls is not enforced, enabling Denial of Service (DoS) by attackers sending a high volume of requests. The Red Hat/NVD/CVE listings confirm the affected product is HCL Velocity and that the issue leads to resource ...
PYSEC-2025-13
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings...
PT-2024-36220 · Unknown · Projectopia
Name of the Vulnerable Software and Affected Versions: Projectopia versions through 5.1.7 Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability. This vulnerability allows attackers to bypass authentication using an alternate path. There is ...
Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to an HSQL databas...
CVE-2024-31207 Vite's `server.fs.deny` did not deny requests for patterns with directories
Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tool that improves the frontend development experience. `server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in versions 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.1...
CVE-2022-44938
Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack...
PT-2022-27339 · Seeddms · Seeddms
Name of the Vulnerable Software and Affected Versions: SeedDMS versions 5.1.7 through 6.0.20 Description: The issue is related to weak reset token generation, allowing attackers to execute a full account takeover via a brute force attack. Recommendations: For SeedDMS version 5.1.7, update to a...
Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability - Windows
Apple Safari is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari";...
Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability - Mac OS X
Apple Safari is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari";...
Safari < 5.1.7 Multiple Vulnerabilities
JVN#59748723 MySQL Connector/J vulnerable to SQL injection
MySQL Connector/J from Sun Microsystems is software that provides access to a MySQL database for client applications written in Java. MySQL Connector/J contains a SQL injection vulnerability. Impact: A remote attacker could obtain and modify contents in the database. Solution: Update the software...