24 matches found
Inefficient Algorithmic Complexity
Overview: minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containi...
valkey security update
8.0.6-2 - rebase to 8.0.6 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819...
SUSE-SU-2025:03502-1 Security update for valkey
This update for valkey to version 8.0.6 fixes the following security issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 - CVE-2025-46818:...
EUVD-2025-19292
Malicious code in bioql PyPI...
EUVD-2024-29323
Malicious code in bioql PyPI...
EUVD-2024-29920
Malicious code in bioql PyPI...
EUVD-2023-35405
Malicious code in bioql PyPI...
BIT-MONGODB-2025-10059 MongoDB Server router will crash when incorrect lsid is set on a sharded query
An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument lsid is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 a...
CVE-2025-52717
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS lifterlms allows SQL Injection. This issue affects LifterLMS: from n/a through <= 8.0.6...
PT-2025-27116 · Lifterlms · Lifterlms
Name of the Vulnerable Software and Affected Versions: LifterLMS versions n/a through 8.0.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
CVE-2024-31434
Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The Newsletter Team Newsletter. This issue affects Newsletter: from n/a through 8.0.6...
CVE-2021-24342
The JNews WordPress theme before 8.0.6 did not sanitise the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory, leading to a Reflected Cross-Site Scripting (XSS) issue...
WordPress Advanced Page Visit Counter plugin <= 8.0.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Furkan ÖZER in WordPress Plugin Advanced Page Visit Counter (versions <= 8.0.6)...
CVE-2024-32098
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter allows SQL Injection. This issue affects Advanced Page Visit Counter: from n/a through 8.0.6...
WordPress Advanced Page Visit Counter Plugin <= 8.0.6 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Page Visit Counter; Type: Plugin; Vulnerable versions: <= 8.0.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50371; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 2d2c9790972e; Credits: Khalid Yusuf; Required...
CVE-2022-30572
The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO...
CVE-2022-30571 TIBCO iWay Service Manager Reflected Cross Site Scripting (XSS) Vulnerability
The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's...
JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
The theme did not sanitise the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory, leading to a Reflected Cross-Site Scripting (XSS) issue. PoC: POST /?ajax-request=jnews HTTP/1.1 Accept: text/html, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding:...
JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
The theme did not sanitise the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory, leading to a Reflected Cross-Site Scripting (XSS) issue. POST /?ajax-request=jnews HTTP/1.1 Accept: text/html, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip,...
CVE-2020-14691
Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...