68 matches found
CVE-2026-11788
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...
CVE-2026-11788 389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...
CVE-2026-11788
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...
EUVD-2026-35420
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...
PT-2026-47778
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...
GHSA-8CPH-RGR4-G5VJ Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...
CVE-2026-34613
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...
CVE-2026-33488
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...
CVE-2019-16563
Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties...
WordPress BugsPatrol plugin deserialization vulnerability
WordPress BugsPatrol plugin is a WordPress theme designed for pest control services, offering the ability to create professional pest control company websites that support the presentation of pest management services in business, home and other scenarios. WordPress BugsPatrol plugin suffers from ...
EUVD-2019-6205
Malware in sbrugna...
EUVD-2024-16408
Malicious code in bioql PyPI...
EUVD-2024-16752
Malicious code in bioql PyPI...
EUVD-2023-43842
Malicious code in bioql PyPI...
EUVD-2025-3949
Malicious code in bioql PyPI...
EUVD-2022-51850
Malicious code in bioql PyPI...
EUVD-2024-54000
Malicious code in bioql PyPI...
EUVD-2022-25041
Malicious code in bioql PyPI...
CVE-2022-4509
The Content Control WordPress plugin before 1.1.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high...
CVE-2022-1760
The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...