D-Link Nuclias Connect 安全漏洞

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from an observable response difference vulnerability that stems from the...

CVE-2025-54858

When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End o...

EUVD-2007-2376

Malware in sbrugna...

EUVD-2007-2374

Malware in sbrugna...

EUVD-2008-1325

Malware in sbrugna...

EUVD-2025-25708

Malicious code in bioql PyPI...

EUVD-2025-28671

Malicious code in bioql PyPI...

EUVD-2025-25888

Malicious code in bioql PyPI...

EUVD-2025-25348

Malicious code in bioql PyPI...

EUVD-2025-29368

Malicious code in bioql PyPI...

Viessmann Vitogate 300 BN/MB vitogate.cgi form-0-2 Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Viessmann Vitogate 300 BN/MB devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON payload data provided to the vitogate.cg...

Moderate: perl-JSON-XS security update

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. Security Fixes: JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON CVE-2025-40928 For...

CVE-2025-10858 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service DoS condition while uploading specifically crafted large JSON files...

[SECURITY] Fedora 42 Update: perl-Cpanel-JSON-XS-4.40-1.fc42

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

Fedora 41 : perl-Cpanel-JSON-XS (2025-89495f6403)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-89495f6403 advisory. This update fixes an issue where a specially-crafted JSON input could cause an integer overflow leading to a crash in the program parsing the JSON...

[SECURITY] Fedora 41 Update: perl-JSON-XS-4.04-1.fc41

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

BIT-MONGODB-2025-6709 Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...

Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hvq2-wf92-j4f3. This link is maintained to preserve external references. Original Descripton The express-xss-sanitizer package for Node.js has an unbounded recursion in the sanitize function lib/sanitize.js when...

GHSA-QHWP-454G-2GV4 Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hvq2-wf92-j4f3. This link is maintained to preserve external references. Original Descripton The express-xss-sanitizer package for Node.js has an unbounded recursion in the sanitize function lib/sanitize.js when...

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...