
161 matches found

Tenable Nessus
added 2026/06/08 12:00 a.m., 5 views

Fedora 44 : chromium (2026-15e444c3bb)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-15e444c3bb advisory. Update to 149.0.7827.53. Fix 429 CVEs: CVE-2026-10881 through CVE-2026-11309. Tenable has extracted the preceding description block directly from the...

9.6 CVSS, 5.9 AI score, 0.0037 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2026/05/16 1:56 a.m., 13 views

CVE-2026-45781

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github./ namespace to OCI images the...

3.5 CVSS, 5.8 AI score, 0.00206 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/14 12:00 a.m., 8 views

MCP Registry Security Vulnerability

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.9 contained security vulnerabilities. These vulnerabilities stemmed from OCI ownership verification skipping tag matching checks during HTTP 429 requests, which...

3.5 CVSS, 5.8 AI score, 0.00206 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/12/26 12:00 a.m., 4 views

PT-2025-53608

Name of the Vulnerable Software and Affected Versions: FreshRSS versions 1.27.0 through 1.27.9. Description: An attacker could disrupt access to RSS feeds for all users of an instance by manipulating the proxy settings to send a large number of 429 Retry-After requests. This denial of service makes...

7.5 CVSS, 6.5 AI score, 0.00423 EPSS
Exploits: 1, References: 9
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-11889

Malware in sbrugna...

7.8 CVSS, 7.7 AI score, 0.00198 EPSS
Exploits: 0, References: 2
NVD
added 2023/12/12 7:15 p.m., 15 views

CVE-2023-49922

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...

6.8 CVSS, 0.00589 EPSS
Exploits: 0, References: 1
Pen Test Partners Blog
added 2023/05/12 5:47 a.m., 28 views

Netflix MH370: The plane that wasn’t hacked

I’m a sucker for a good documentary, but the recent Netflix MH370: The Plane That Disappeared had me shouting at the screen. The first episode talks about the most widely accepted theory; a tragic pilot-created murder-suicide. However, the second episode goes completely off the rails, discussing ...

7.1 AI score
Exploits: 0
Huntr
added 2023/02/11 9:47 a.m., 55 views

No Rate Limit On Reset Password

Description: A rate limiting algorithm is used to check if the user session or IP address has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame, HTTP servers can respond with status code 429: Too Many Requests. wikipedia ...

5 CVSS, 6.6 AI score, 0.00681 EPSS
Exploits: 0
HackRead
added 2022/12/12 7:50 p.m., 19 views

Smartphone Discounts Set To Rocket As Market Slumps

By Owais Sultan. In the US, there was a drop in sales of 19% as people stayed on their phones for longer. Globally, smartphone sales are down from 488 million units to 429 million units. This is a post from HackRead.com. Read the original post: Smartphone Discounts Set To Rocket As Market Slumps...

1.7 AI score
Exploits: 0
Huntr
added 2022/07/06 8:55 a.m., 28 views

No Rate Limit On Reset Password Page

Description: I have identified that when Reset Password for account , the request has no rate limit which then can be used to loop through one request. This can annoy the root users sending mass password to one email. A rate limiting algorithm is used to check if the user session or IP-address...

7.4 AI score
Exploits: 0
Hacker One
added 2021/08/28 3:00 p.m., 25 views

On : No Rate Limit in Login Page

The login page of the website did not have a rate limit implemented, allowing an attacker to perform brute force attacks by trying multiple login attempts without being restricted...

7 AI score
Exploits: 0
Hacker One
added 2021/08/26 12:01 p.m., 24 views

UPchieve: No rate Limit on Password Reset page on upchieve

Summary: Introduction A little bit about Rate Limit: A rate limiting algorithm is used to check if the user session or IP-address has to be limited based on the information in the session cache. In case a client made too many requests within a given timeframe, HTTP-Servers can respond with status...

7.1 AI score
Exploits: 0
0day.today
added 2021/02/19 12:00 a.m., 33 views

dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow Exploit

Exploit Title: dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow PoC | Exploit Author: Kağan Çapar | Vendor Homepage: https://www.ddc-web.com/ | Software Link: https://www.ddc-web.com/en/connectivity/databus/milstd1553-1/software-1/bu-69414?partNumber=BU-69414 | Version: 4.5.3 | Tested On: Windows 10...

7.4 AI score
Exploits: 0
Hacker One
added 2020/06/22 9:34 p.m., 96 views

Courier: Missing rate limit in signup Form

Hello Team, Description: When signing up for an account, you enter your email. When this email is already in use, the server responds with "UserConfirmed":true,"UserSub":"ae294fff-6d55-407d-9676-1f3518029037" This is not a problem, but the fact that you could send this request unlimited times is...

6.9 AI score
Exploits: 0
Hacker One
added 2020/04/22 2:04 p.m., 73 views

Stripo Inc: [www.stripo.email] There is no rate limit for contact-us endpoints

Summary: The speed limit for the https://stripo.email/es/contact-us endpoint has not been implemented. Steps To Reproduce: 1. Go to the https://stripo.email/es/contact-us 2. Turn on blocking and fill out the contact form 3. Send request to Intruder. 4. Set your payloads and start attack. 5. There i...

0.1 AI score
Exploits: 0
Hacker One
added 2020/04/21 12:41 p.m., 54 views

Stripo Inc: [www.stripo.email] You can override the speed limit by adding the X-Forwarded-For header.

Summary: In https://stripo.email/template-order I think you have implemented rate limiting via 429 status code for too many requests, but in reality it is not. An attacker could bypass the 429 speed limit by adding an X-Forwarded-For header. Steps To Reproduce: 1. Go to the...

0.3 AI score
Exploits: 0
RedHat Linux
added 2020/04/01 12:26 a.m., 72 views

Moderate: Red Hat Security Advisory: skopeo security and bug fix update

An update for skopeo is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

7.5 CVSS, 6.7 AI score, 0.04935 EPSS
Exploits: 1, References: 5
NVD
added 2019/11/06 5:15 p.m., 16 views

CVE-2019-2332

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607,...

10 CVSS, 9.7 AI score, 0.00907 EPSS
Exploits: 0, References: 1
NVD
added 2019/11/06 5:15 p.m., 13 views

CVE-2019-10512

Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in...

7.8 CVSS, 7.8 AI score, 0.00192 EPSS
Exploits: 0, References: 1
NVD
added 2019/11/06 5:15 p.m., 21 views

CVE-2019-10533

Out of bound access due to improper validation of array index causes the index table entry to get corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W,...

10 CVSS, 9.4 AI score, 0.00907 EPSS
Exploits: 0, References: 1