8 matches found
CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint
Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...
GHSA-P2M9-WCP5-6QW3 multipart vulnerable to ReDoS in `parse_options_header()`
Summary The parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service DoS attacks against web...
PT-2025-5418 · Elementor · Elementinvader Addons For Elementor
Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor versions 1.3.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potentia...
PT-2024-33407 · Unknown · Sunburntkamel Disconnected
Name of the Vulnerable Software and Affected Versions: sunburntkamel disconnected versions n/a through 1.3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This is a Reflected XSS vulnerability, which affec...
PT-2024-24438 · WordPress · Ovic Responsive Wpbakery
Name of the Vulnerable Software and Affected Versions: Ovic Responsive WPBakery versions 1.3.0 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects Ovic Responsive WPBakery, allowing potential unauthorized access. Recommendations: For...
PT-2024-22609 · Symfony +1 · Symfony1 +1
Name of the Vulnerable Software and Affected Versions: Symfony1 versions 1.3.0 through 1.5.17 Description: This issue is related to a gadget chain in Symfony1 due to a vulnerable Swift Mailer dependency. The vulnerability allows an attacker to achieve remote code execution if a developer...
CVE-2023-27433
Cross-Site Request Forgery CSRF vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.This issue affects Make Paths Relative: from n/a through 1.3.0...
PT-2023-11810 · Bonitasoft · Bonita-Connector-Webservice
Name of the Vulnerable Software and Affected Versions: bonitasoft bonita-connector-webservice versions up to 1.3.0 Description: A problematic issue was found in the software, affecting the TransformerConfigurationException function of the file...