
104 matches found

Cvelist
added 2026/02/06 10:48 p.m. | 25 views

CVE-2026-25762 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

CVSS 7.5 | EPSS 0.00018
Exploits: 0 | References: 3
OSV
added 2026/02/06 10:48 p.m. | 3 views

CVE-2026-25762 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

CVSS 7.5 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 5
Vulnrichment
added 2026/02/06 10:48 p.m. | 2 views

CVE-2026-25754 AdonisJS multipart body parsing has Prototype Pollution issue

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and...

CVSS 7.2 | AI score 5.5 | EPSS 0.00018
Exploits: 0 | References: 3
CVE
added 2026/02/06 10:48 p.m. | 6 views

CVE-2026-25754

CVE-2026-25754 affects AdonisJS multipart form-data parsing (package: @adonisjs/bodyparser). The underlying issue is prototype pollution caused by insufficient validation of multipart field names during parsing, allowing manipulation of object prototypes at runtime. Affected versions are AdonisJS...

CVSS 7.2 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/02/06 10:48 p.m. | 2 views

CVE-2026-25754 AdonisJS multipart body parsing has Prototype Pollution issue

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and...

CVSS 7.2 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 5
OSV
added 2026/02/06 7:27 p.m. | 2 views

GHSA-F5X2-VJ4H-VG4C AdonisJS multipart body parsing has Prototype Pollution issue

Description: A Prototype Pollution vulnerability (CWE-1321) in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...

CVSS 7.2 | AI score 5.6 | EPSS 0.00018
Exploits: 0 | References: 5
Positive Technologies
added 2026/02/06 12:0 a.m. | 4 views

PT-2026-6857

Description: A Prototype Pollution vulnerability (CWE-1321) in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...

CVSS 7.2 | AI score 5.6
Exploits: 0 | References: 5
CNNVD
added 2026/02/06 12:0 a.m. | 3 views

@adonisjs/lucid security vulnerability

@adonisjs/lucid is a database object-relational mapping library open-sourced by the AdonisJS Framework. Versions of @adonisjs/lucid before 10.1.3 and versions before 11.0.0-next.9 have security vulnerabilities. These vulnerabilities stem from prototype pollution in the parsing of multi-part form...

CVSS 7.2 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-5294

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.0021
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-42134

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00227
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-42133

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00629
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-42141

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00635
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-4099

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6 | EPSS 0.00081
Exploits: 0 | References: 4
IBM Security Bulletins
added 2025/06/19 6:11 p.m. | 27 views

Security Bulletin: IBM Security Guardium is affected by an Incorrect Permission Assignment for Critical Resource vulnerability (CVE-2017-1266)

Summary: IBM Security Guardium has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2017-1266. DESCRIPTION: IBM Security Guardium specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CVSS Base...

CVSS 5.5 | AI score 5.2 | EPSS 0.00086
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/06/19 6:9 p.m. | 32 views

Security Bulletin: IBM Security Guardium is affected by Open Source libxml2 vulnerabilities

Summary: IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2017-9050. DESCRIPTION: libxml2 is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the xmlDictAddString function in dict.c. By sending a specially-crafted...

CVSS 7.5 | AI score 6.8 | EPSS 0.0266
Exploits: 6 | Affected Software: 1
RedhatCVE
added 2025/05/23 4:30 a.m. | 6 views

CVE-2023-38313

An issue was discovered in OpenNDS Captive Portal before 10.1.2. It has a dobinauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS, a Denial-of-Service condition...

CVSS 7.5 | AI score 6.7 | EPSS 0.0026
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:17 a.m. | 2 views

CVE-2010-5337

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchacontroller is non-persistent in 10.1.3 and 10.2.0...

CVSS 6.1 | AI score 6.2 | EPSS 0.0021
Exploits: 0 | References: 1
NVD
added 2025/02/14 8:15 p.m. | 13 views

CVE-2025-25285

@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the...

CVSS 5.3 | EPSS 0.00081
Exploits: 0 | References: 3
OSV
added 2025/02/14 7:31 p.m. | 6 views

CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the...

CVSS 5.3 | AI score 5.9 | EPSS 0.00081
Exploits: 0 | References: 5
OSV
added 2024/02/03 12:37 a.m. | 8 views

GHSA-MQ6V-W35G-3C97 Local File Inclusion vulnerability in zmarkdown

Impact: A minor Local File Inclusion vulnerability has been found in zmarkdown, which allowed for images with a known path on the host machine to be included inside a LaTeX document. To prevent it, a new option has been created that allows replacing invalid paths with a default image instead of...

AI score 7
Exploits: 0 | References: 2