30 matches found
CVE-2026-21438 webtransport-go affected by a Memory Exhaustion Attack due to Missing Cleanup of Streams Map
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption by repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...
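The leak pattern behind this advisory, shown as an added example rather than webtransport-go's own code: a session keeps its streams in a map keyed by stream ID, and the vulnerable variant never deletes an entry when the stream closes, so every open/close cycle by the peer leaves one more unreachable-but-referenced object behind. The `session`, `stream` and `churn` names are constructed for the illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// stream stands in for per-stream state (buffers, flow-control windows)
// that should become garbage once the peer closes the stream.
type stream struct {
	id  uint64
	buf []byte
}

// session tracks open streams by ID. cleanupOnClose switches between the
// leaking behaviour (entries are never removed) and the fixed behaviour.
type session struct {
	mu             sync.Mutex
	streams        map[uint64]*stream
	nextID         uint64
	cleanupOnClose bool
}

func newSession(cleanupOnClose bool) *session {
	return &session{streams: make(map[uint64]*stream), cleanupOnClose: cleanupOnClose}
}

// openStream allocates a stream and registers it in the map, as any
// implementation must so that incoming frames can be routed to it.
func (s *session) openStream() *stream {
	s.mu.Lock()
	defer s.mu.Unlock()
	st := &stream{id: s.nextID, buf: make([]byte, 1024)}
	s.nextID++
	s.streams[st.id] = st
	return st
}

// closeStream is where the bug lives: without the delete, the map keeps a
// strong reference and the GC can never reclaim the stream or its buffer.
func (s *session) closeStream(st *stream) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.cleanupOnClose {
		delete(s.streams, st.id)
	}
}

// liveStreams is the metric an operator would watch: entries the session
// still holds after the peer has closed them.
func (s *session) liveStreams() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return len(s.streams)
}

// churn simulates a peer opening and immediately closing n streams and
// returns how many map entries survive. The leaking variant returns n,
// the fixed variant returns 0, regardless of n.
func churn(cleanupOnClose bool, n int) int {
	s := newSession(cleanupOnClose)
	for i := 0; i < n; i++ {
		st := s.openStream()
		s.closeStream(st)
	}
	return s.liveStreams()
}

func main() {
	fmt.Println("entries retained without cleanup:", churn(false, 100000))
	fmt.Println("entries retained with cleanup:   ", churn(true, 100000))
}
```

The attacker needs no special traffic: stream open and close are ordinary protocol operations, so the only defence is the server-side cleanup (or an upper bound on the map size that closes the session when exceeded).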
Apache Uniffle security vulnerability
Apache Uniffle is a remote shuffle service from the Apache Software Foundation. A security vulnerability exists in Apache Uniffle versions prior to 0.10.0 that stems from an insecure HTTP client configuration that trusts all SSL certificates and disables hostname validation, which could lead to a...
PT-2026-1641
Name of the Vulnerable Software and Affected Versions Uniffle versions prior to 0.10.0 Description The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle...
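The misconfiguration class described in the two Uniffle entries above, demonstrated as an added example (Uniffle itself is Java; this is not its code). An in-process HTTPS server with a self-signed certificate stands in for a REST endpoint, and three clients are run against it: one with verification disabled (the equivalent of a trust-all trust manager plus a no-op hostname verifier), one with default verification, and one that keeps verification on and trusts the deployment's certificate explicitly. The `Demo`, `insecureClient` and `pinnedClient` names are constructed for the illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// startServer serves "ok" over TLS using httptest's self-signed certificate,
// which no system trust store knows about.
func startServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
}

// insecureClient mirrors the weak configuration: every certificate is
// accepted and the hostname is never compared against it, so an attacker
// on the path with any self-signed certificate is indistinguishable from
// the real coordinator.
func insecureClient() *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}}
}

// pinnedClient is the corrected configuration for a self-signed or private-CA
// deployment: verification (chain and hostname) stays on, and trust is
// granted only to the specific root the operator installed.
func pinnedClient(serverCert *x509.Certificate) *http.Client {
	pool := x509.NewCertPool()
	pool.AddCert(serverCert)
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	}}
}

// fetch returns the connection/verification error, or nil on success.
func fetch(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	resp.Body.Close()
	return nil
}

// Outcome records how each client fared against the same untrusted server.
type Outcome struct {
	Insecure error // expected nil: the weak client accepts anything
	Default  error // expected non-nil: unknown authority
	Pinned   error // expected nil: trusted explicitly, still verified
}

func Demo() Outcome {
	srv := startServer()
	defer srv.Close()
	return Outcome{
		Insecure: fetch(insecureClient(), srv.URL),
		Default:  fetch(&http.Client{}, srv.URL),
		Pinned:   fetch(pinnedClient(srv.Certificate()), srv.URL),
	}
}

func main() {
	o := Demo()
	fmt.Println("InsecureSkipVerify=true:", o.Insecure)
	fmt.Println("default verification:  ", o.Default)
	fmt.Println("pinned private root:   ", o.Pinned)
}
```

The point of the third client is that "our certificates are self-signed" is never a reason to disable verification: distribute the root, pin it, and keep hostname checking on. When reviewing a Java client for this bug, the markers are a custom `X509TrustManager` whose `checkServerTrusted` is empty and an `HostnameVerifier` that always returns true.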
turms security vulnerability
turms is an open source instant messaging engine from turms-im. A security vulnerability exists in the turms AI-Serving module, v0.10.0-SNAPSHOT and prior versions, which originates from an image decompression bomb and may result in a denial of service...
CVE-2025-11022
Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery. This CSRF vulnerability, resulting in Command Injection, has been identified. This issue affects Panilux: before v.0.10.0. NOTE: The vendor was contacted and responded that they deny ownersh...
EUVD-2025-202046
Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery. This CSRF vulnerability, resulting in Command Injection, has been identified. This issue affects Panilux: before v.0.10.0. NOTE: The vendor was contacted and responded that they deny...
Panilux cross-site request forgery vulnerability
Panilux is a project management and content distribution system from the Turkish company Panilux. A cross-site request forgery vulnerability exists in Panilux versions prior to v.0.10.0; a forged request from a victim's browser can be used to reach a command injection...
PT-2025-45442
Name of the Vulnerable Software and Affected Versions Soft Serve versions prior to 0.10.0 Description Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.10.0 do not remove ANSI escape sequences from user-supplied data, such as names, potentially allowing for the...
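What "remove ANSI escape sequences from user-supplied data" involves in practice, as an added example that is not Soft Serve's own code. A byte-level filter has to handle three shapes: CSI sequences (`ESC [` parameters, a final byte in 0x40-0x7E), OSC sequences (`ESC ]` up to BEL or `ESC \`, the form used for terminal hyperlinks and window titles), and two-byte escapes such as `ESC c` (terminal reset). It also drops the remaining C0 controls, since a bare carriage return is enough to overwrite a line. The `StripANSI` name is constructed for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// StripANSI removes terminal escape sequences and control characters from
// untrusted text such as user and repository names before it is written to
// a terminal. Tab and newline are kept; everything else below 0x20, plus
// DEL, is dropped. Multi-byte UTF-8 is passed through untouched because no
// escape-sequence byte is ever >= 0x80.
func StripANSI(s string) string {
	var out strings.Builder
	b := []byte(s)
	for i := 0; i < len(b); i++ {
		c := b[i]
		if c != 0x1b {
			if (c < 0x20 && c != '\t' && c != '\n') || c == 0x7f {
				continue // bare C0 control (CR, BEL, BS, ...) or DEL
			}
			out.WriteByte(c)
			continue
		}
		if i+1 >= len(b) {
			break // lone ESC at end of input
		}
		switch b[i+1] {
		case '[':
			// CSI: parameter and intermediate bytes are 0x20-0x3F,
			// the final byte is 0x40-0x7E (e.g. "\x1b[31m").
			j := i + 2
			for j < len(b) && b[j] >= 0x20 && b[j] <= 0x3f {
				j++
			}
			if j < len(b) && b[j] >= 0x40 && b[j] <= 0x7e {
				j++
			}
			i = j - 1
		case ']':
			// OSC: runs until BEL or ST (ESC \). OSC 8 attaches a hyperlink
			// to arbitrary text; OSC 0/2 set the window title.
			j := i + 2
			for j < len(b) {
				if b[j] == 0x07 {
					j++
					break
				}
				if b[j] == 0x1b && j+1 < len(b) && b[j+1] == '\\' {
					j += 2
					break
				}
				j++
			}
			i = j - 1
		default:
			// Two-byte Fe/Fs sequence such as ESC c (RIS) or ESC 7.
			i++
		}
	}
	return out.String()
}

func main() {
	samples := []string{ // constructed inputs
		"\x1b[31malice\x1b[0m",
		"\x1b]8;;https://evil.example\x07click me\x1b]8;;\x07",
		"bob\rroot",
		"\x1b]0;pwned\x1b\\carol",
	}
	for _, s := range samples {
		fmt.Printf("%q -> %q\n", s, StripANSI(s))
	}
}
```

An unterminated OSC (no BEL or ST before end of input) is swallowed to the end of the string rather than leaked, which is the safe failure; a caller that also wants to reject rather than clean can compare the output length to the input.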
CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable, which would allow non-privileged users to access sensitive data such as the databases of Kubernetes workloads. The...
CVE-2023-30792
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources...
CVE-2023-0111
Cross-site Scripting XSS - Stored in GitHub repository usememos/memos prior to 0.10.0...
DEBIAN-CVE-2025-3757
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification...
xrdp security vulnerability
xrdp is an open source Remote Desktop Protocol server from neutrinolabs. A security vulnerability exists in xrdp versions prior to 0.10.0 that stems from the configured limit on the maximum number of login attempts not being enforced, allowing an attacker to make unlimited...
SUSE CVE-2014-7271
Simple Desktop Display Manager SDDM before 0.10.0 allows local users to log in as user "sddm" without authentication...
PT-2023-16017 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.10.0 Description: The issue is related to stored Cross-site Scripting XSS in the GitHub repository usememos/memos. This type of attack involves an attacker injecting malicious scripts into a website, which a...
memos cross-site scripting vulnerability
memos is an open source, self-hosted memo hub with knowledge management and social features. memos versions prior to 0.10.0 have a cross-site scripting vulnerability that stems from allowing link tags without validating their target, which an attacker could exploit to carry out cross-si...
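Both the Lexical entry (anchor hrefs rendering `javascript:` URLs) and this memos entry (link tags accepted without validation) come down to the same missing check: an allowlist on the URL scheme before a link is rendered. The following added example (not Lexical's or memos' code) shows such a check in Go, with the disguises it has to survive: mixed-case scheme, leading whitespace, and embedded control characters, which browsers strip before parsing so that `java\tscript:` is still executable. The `SafeHref` name is constructed for the illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// SafeHref returns the href to render for an untrusted link target, or ""
// if the link must be dropped. Only http, https and mailto are allowed;
// relative links (no scheme) are kept because they cannot carry a script
// scheme. Anything else, including javascript:, data: and vbscript:, is
// rejected rather than escaped.
func SafeHref(raw string) string {
	// Judge the URL the browser will see: browsers remove ASCII control
	// characters and surrounding whitespace before parsing the scheme.
	cleaned := strings.Map(func(r rune) rune {
		if r < 0x20 || r == 0x7f {
			return -1
		}
		return r
	}, raw)
	cleaned = strings.TrimSpace(cleaned)
	if cleaned == "" {
		return ""
	}
	u, err := url.Parse(cleaned)
	if err != nil {
		return "" // unparseable input is not worth guessing about
	}
	switch strings.ToLower(u.Scheme) {
	case "":
		return cleaned // relative link such as "/docs" or "#section"
	case "http", "https", "mailto":
		return cleaned
	default:
		return ""
	}
}

func main() {
	for _, raw := range []string{ // constructed inputs
		"https://example.com/page",
		"/docs/readme",
		"javascript:alert(1)",
		"  JaVaScRiPt:alert(1)",
		"java\tscript:alert(1)",
		"data:text/html,<script>alert(1)</script>",
	} {
		fmt.Printf("%q -> %q\n", raw, SafeHref(raw))
	}
}
```

An allowlist is preferable to a denylist of bad schemes because the set of schemes a browser will execute or navigate to is larger than `javascript:` alone, and the allowlist does not need updating when a new one appears.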
memos cross-site scripting vulnerability
memos is an open source, self-hosted memo hub with knowledge management and social features. memos versions prior to 0.10.0 have a cross-site scripting vulnerability that stems from an overly simple Content Security Policy that an attacker can bypass. No detailed vulnerability details are available at this time...
PT-2023-16018 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.10.0 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input and later displays it without proper validation, allowing attackers to inject...