21 matches found
EUVD-2021-2533
Malware in sbrugna...
EUVD-2019-17148
Malware in sbrugna...
EUVD-2024-0593
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-24750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetch(url) and not consuming the incoming body or consuming it very...
CVE-2025-32244
CVE-2025-32244 describes a missing authorization vulnerability in the SEO Help WordPress plugin. The advisory notes misconfigured access control security levels, affecting SEO Help versions n/a through 6.7.9 (per initial description). Connected security sources corroborate the CVE’s association w...
CVE-2025-28918 WordPress Featured Image Thumbnail Grid plugin <= 6.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones Featured Image Thumbnail Grid (thumbnail-grid) allows Stored XSS. This issue affects Featured Image Thumbnail Grid: from n/a through <= 6.8...
CVE-2025-28918
CVE-2025-28918: Stored XSS in WordPress plugin Featured Image Thumbnail Grid up to version 6.6.1. Root cause: improper neutralization of input during web page generation in the plugin, enabling stored cross-site scripting. Affected product/component: WordPress Plugin – Featured Image Thumbnail ...
CVE-2024-13459
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesknewcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin FuseDesk cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16961 · WordPress · Wp-Speedup Block Editor Bootstrap Blocks
Name of the Vulnerable Software and Affected Versions: WP-speedup Block Editor Bootstrap Blocks versions through 6.6.1. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This lets an...
LimeSurvey < 6.6.1 Header Injection Vulnerability
LimeSurvey is prone to a header injection vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:limesurvey:limesurvey";...
CVE-2024-24750 Backpressure request ignored in fetch() in Undici
Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetch(url) and not consuming the incoming body or consuming it very slowly will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade...
GHSA-3787-6PRV-H9W3 Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Impact: Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers. Patches: This is patched in v5.28.3 and v6.6.1. Workarounds: There are no known workarounds. References: - https://fetch.spec.whatwg.org/authentication-entries -...
GHSA-9F24-JQHM-JFCW fetch(url) leads to a memory leak in undici
Impact: Calling fetch(url) and not consuming the incoming body or consuming it very slowly will lead to a memory leak. Patches: Patched in v6.6.1. Workarounds: Make sure to always consume the incoming body...
PT-2023-29737 · Qt Company · Qt
Name of the Vulnerable Software and Affected Versions: Qt versions prior to 6.2.11, and Qt versions 6.3.x through 6.6.x before 6.6.1. Description: An issue was discovered in Qt when a QML image refers to an image whose content is not known yet, leading to an assumption that it is an SVG document. If th...
GHSA-F553-J2GV-G5R9 Apache Solr Kerberos delegation token functionality flaws
Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using the SecurityAwareZkACLProvider type of ACL provider, e.g. SaslZkACLProvider...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Logger product, affecting all versions from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure...
CVE-2017-18856
NETGEAR ReadyNAS devices before 6.6.1 are affected by command injection...
Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks
A vulnerability has been discovered in the Forcepoint VPN Client software for Windows. The flaw could enable an attacker – with an existing foothold on a system – to achieve an escalation of privilege, persistence and in some cases defense evasion. The vulnerability CVE-2019-6145 stems from an...
CVE-2019-7608
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...