
12 matches found

OSV
added 2026/03/26 9:20 p.m. · 1 views

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

CVSS 7.5 · AI score 5.9 · EPSS 0.00412
Exploits: 0 · References: 4

CNNVD
added 2026/03/26 12:0 a.m. · 4 views

Picomatch Security Vulnerability

Picomatch is a fast and accurate Glob pattern matching library written in JavaScript, developed by micromatch. Versions prior to Picomatch 4.0.4, 3.0.2, and 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from regular expression denial-of-service attacks when processing...

CVSS 7.5 · AI score 5.8 · EPSS 0.00412
Exploits: 0 · References: 2

ATTACKERKB
added 2026/02/04 8:25 p.m. · 5 views

CVE-2026-0944

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing. This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4...

CVSS 5.3 · AI score 5.3 · EPSS 0.00197
Exploits: 0 · References: 2 · Affected Software: 1

SUSE CVE
added 2026/01/17 12:51 a.m. · 7 views

SUSE CVE-2017-18900

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report...

CVSS 9.8 · AI score 7.4 · EPSS 0.01285
Exploits: 0 · References: 2

Tenable Nessus
added 2026/01/07 12:0 a.m. · 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000157)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000157 advisory. An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL...

CVSS 9.8 · AI score 7.2 · EPSS 0.18398
Exploits: 3 · References: 4

Patchstack
added 2025/12/04 11:29 p.m. · 3 views

WordPress CryptX plugin <= 4.0.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CryptX versions <= 4.0.5...

CVSS 6.4 · AI score 5.9 · EPSS 0.00256
Exploits: 0 · References: 1 · Affected Software: 1

Github Security Blog
added 2024/03/15 12:30 p.m. · 94 views

SSRF vulnerability using the Aegis DataBinding in Apache CXF

An SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings including the default databinding are not impacted...

CVSS 9.3 · AI score 8.1 · EPSS 0.05849
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2023/10/12 12:0 a.m. · 3 views

PT-2023-19104 · WordPress · Mainwp Google Analytics Extension

Name of the Vulnerable Software and Affected Versions: MainWP Google Analytics Extension plugin versions = 4.0.4. Description: The issue is related to an authenticated SQL Injection vulnerability. This means that an attacker with subscriber-level access or higher can potentially inject malicious S...

CVSS 8.8 · AI score 8.6 · EPSS 0.00578
Exploits: 0 · References: 4

CNVD
added 2020/06/22 12:0 a.m. · 6 views

Mattermost Server Information Disclosure Vulnerability (CNVD-2020-52027)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.1.0, 4.0.4 and 3.10.3. An attacker can exploit the vulnerability by requesting a JSON document to obtain a team invitation ID...

CVSS 5.3 · AI score 6.7 · EPSS 0.0092
Exploits: 0 · References: 1

Positive Technologies
added 2019/07/10 12:0 a.m. · 1 views

PT-2019-12954 · Hunesion · Hunesion I-Onenet

Name of the Vulnerable Software and Affected Versions: Hunesion i-oneNet versions 3.0.7 through 3.0.53; Hunesion i-oneNet versions 4.0.4 through 4.0.16. Description: The issue arises from the lack of update file integrity checking in the upgrade process, allowing an attacker to craft a malicious fi...

CVSS 7.8 · AI score 6.2 · EPSS 0.00398
Exploits: 0 · References: 2

CNVD
added 2018/06/15 12:0 a.m. · 1 views

Restify Cross-Site Scripting Vulnerability

Restify is a framework for building REST APIs using Connect middleware. A cross-site scripting vulnerability exists in Restify versions 2.0.0 through 4.0.4. A remote attacker can exploit this vulnerability to execute script in a browser...

CVSS 6.1 · AI score 6 · EPSS 0.00966
Exploits: 1 · References: 1

RedHat Linux
added 2002/11/05 12:0 a.m. · 2 views

security flaw

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

CVSS 5 · AI score 5.9 · EPSS 0.1682
Exploits: 1 · References: 4