33 matches found
Infinite loop
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Infinite loop via the html.Parse function. An attacker can cause resource exhaustion and disrupt service availability by submitting special...
Inefficient Algorithmic Complexity
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the html.Parse function due to quadratic parsing complexity when processing certain inputs, which ca...
Inefficient Algorithmic Complexity
Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the html.Parse function due to quadratic parsing complexity when processing certain inputs, which can lea...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the SSH Agent servers. An attacker can cause a panic and disrupt service availability by sending a specially crafted, malformed message that triggers an out-of-bounds read. Remediation Upgrade...
Allocation of Resources Without Limits or Throttling
Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the SSH servers. An attacker can exhaust system memory resources by sending GSSAPI authentication requests with an excessive...
EUVD-2024-46057
Malicious code in bioql PyPI...
EUVD-2025-13302
Malicious code in bioql PyPI...
CVE-2024-52814
Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0, the workflow-role lacks granularity in its privileges, giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods, when only certain types of Pods create...
CVE-2025-46568
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...
CVE-2025-46568
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...
CVE-2025-46568
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...
CVE-2025-46568 Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...
CVE-2025-46568 Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...
SUSE CVE-2025-24786
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
SUSE CVE-2025-24787
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...
CVE-2025-24786
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
CVE-2025-24786
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
CVE-2025-24786
WhoDB (CVE-2025-24786) contains a path-traversal vulnerability in the SQLite3 access logic. The app exposes databases that may be opened via a user-supplied filename, constructing a path with a default directory (/db or ./tmp in dev) and using .Join() without validating that the path stays within...
CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...