coreMQTT Client Library 缓冲区错误漏洞

The coreMQTT Client Library is a lightweight client communication library developed under the FreeRTOS open source project. Versions of the coreMQTT Client Library prior to 5.0.1 contained a buffer error vulnerability. This vulnerability stems from the lack of boundary validation in the MQTT v5.0...

PT-2026-41372

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1...

PT-2026-21894

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ays block' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

WordPress Secure Copy Content Protection and Content Locking plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 5.0.1...

CVE-2025-33034 Qsync Central

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

CVE-2025-59143

color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...

CVE-2024-9445

The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's displaymediumposts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

UBUNTU-CVE-2022-1475

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729parse in llibavcodec/g729parser.c when processing a specially crafted file...

PT-2021-7948 · Microsoft +4 · System.Directoryservices.Protocols +4

Name of the Vulnerable Software and Affected Versions: System.DirectoryServices.Protocols version 5.0.0 Description: A information disclosure issue exists where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on Linux. This could allow a remote attacker to...

2020-12 .NET 5.0.1 Update for x64 Client

2020-12 .NET 5.0.1 Update for x64 Client...