CVE-2026-43924

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

CVE-2024-34347 @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE

@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside th...

Uncontrolled Resource Consumption in @discordjs/opus

Improperly handled errors in @discordjs/opus cause hard crashes instead of returning the error to user land. All versions of package @discordjs/opus = 0.7.0 are vulnerable to Denial of Service DoS when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads t...

CVE-2020-26283

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...

CVE-2020-26283

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...

PYSEC-2018-22

OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors similar issue to CVE-2015-5262 vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appear...