84 matches found
GHSA-MM82-C99C-H2CF symfony/ux-live-component: Denial of service via unbounded batch action requests
Description Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry event subscribers, validators, Doctrine, rendering. The array size is never bounded, so an authenticated client can...
symfony/ux-live-component: Denial of service via unbounded batch action requests
Description Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry event subscribers, validators, Doctrine, rendering. The array size is never bounded, so an authenticated client can...
CVE-2026-44546
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...
Unstructured Data Backup from Google Cloud Storage fails with a Bad Request error
Challenge An Unstructured Data Backup of data from Google Cloud Storage added to Veeam Backup & Replication as an S3-Compatible Object Storage data source fails with the following error: Failed to perform object backup Error: Agent: Failed to process method NasMaster.ExecuteBackupProcessor: Faile...
GHSA-R99V-75P9-XQM5 free5GC AMF: Missing default case in Content-Type switch in HTTPUEContextTransfer
Summary The HTTPUEContextTransfer handler in internal/sbi/apicommunication.go does not include a default case in the Content-Type switch statement. When a request arrives with an unsupported Content-Type, the deserialization step is silently skipped, err remains nil, and the processor is invoked...
GHSA-WRWH-RPQ4-87HF free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication
Summary An information disclosure vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to retrieve stored subscriber identifiers SUPI/IMSI with a single HTTP GET request requiring no parameters or credentials. Details The endpoint...
PT-2026-32972
Name of the Vulnerable Software and Affected Versions Free5GC versions 4.2.1 and earlier Description An information disclosure issue exists in the UDR Unified Data Repository service. An unauthenticated attacker with network access to the 5G Service Based Interface can retrieve stored subscriber...
CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
UBUNTU-CVE-2026-33192
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in the X server’s request handling. A non-zero value for “bytes to ignore” in a client’s request can cause the server to skip processing another client’s request, potentially leading to a denial of service...
EUVD-2018-0197
Malware in sbrugna...
CVE-2022-50335 9p: set req refcount to zero to avoid uninitialized usage
In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the refcount will be zero if it is reused, but if the request is newly allocated from slab, it is not fully initialized before being added...
Cross-site Scripting (XSS)
Overview django-aws-api-gateway-websockets is a Created to allow Django projects to be used as a HTTP backend for AWS API Gateway websockets Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the lack of sanitization an HTTP header in the...
CVE-2024-46995
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...
CVE-2024-46995
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...
Cross-site Scripting (XSS)
Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of HTTP 400 Bad Request responses. An attacker can inject malicious scripts into web pages. Details Cross-site scripting or...
CVE-2024-46995 baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...
CVE-2024-46995 baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
XSS vulnerability in HTTP 400 Bad Request to baserCMS. Target baserCMS 5.1.1 and earlier versions Vulnerability Malicious code may be executed in HTTP 400 Bad Request. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information...
GHSA-MR7Q-FV7J-JCGV baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
XSS vulnerability in HTTP 400 Bad Request to baserCMS. Target baserCMS 5.1.1 and earlier versions Vulnerability Malicious code may be executed in HTTP 400 Bad Request. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information...