Allocation of Resources Without Limits or Throttling

Overview marked is a low-level compiler for parsing markdown without caching or blocking for long periods of time. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Tokenizer. An attacker can cause the application to exhaust system...

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:marked is a low-level compiler for parsing markdown without caching or blocking for long periods of time. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Tokenizer. An attacker can cause the application to...

EUVD-2026-25585

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...

CVE-2026-41680

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...

EUVD-2016-7477

Malware in sbrugna...

EUVD-2016-7476

Malware in sbrugna...

EUVD-2025-28396

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-0673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to...

PT-2025-33092 · Lattice Semiconductor · Ispvm System

Name of the Vulnerable Software and Affected Versions: Lattice Semiconductor ispVM System version 18.0.2 Description: Lattice Semiconductor ispVM System version 18.0.2 contains a buffer overflow issue in the handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag,...

CVE-2025-4278

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...

UBUNTU-CVE-2025-1516

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service...

UBUNTU-CVE-2025-2254

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...

CVE-2025-4278 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...

GitLab 18.0 < 18.0.2 (CVE-2025-4278)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...

GitLab Community Edition和GitLab Enterprise Edition 跨站脚本漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Community Edition and GitLab...

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition versions prior to 17.10.8, prior to 17.11.4, and prior to 18.0.2, which stems from a competitive condition that could lead to the clonin...

GitLab Enterprise Edition 多款产品安全漏洞

GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition versions prior to 17.10.8, prior to 17.11.4, and prior to 18.0.2, which stems from the possibility that a user could bypass IP access...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

CVE-2023-35899

CVE-2023-35899 affects IBM Cloud Pak for Automation versions 18.0.0 through 22.0.2. The issue is a CSV injection vulnerability caused by improper validation of CSV file contents, enabling a remote attacker to execute arbitrary commands on the system. Affected products/versions (per sources) inclu...

GHSA-CM6R-892J-JV2G Google Play Services SDK leads to apps having incorrectly set mutability flag

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain...