92 matches found
Allocation of Resources Without Limits or Throttling
Overview github.com/nats-io/nats-server/v2/server is a simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the checkBytesLimits,...
PT-2026-27617
Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.15 NATS-Server versions prior to 2.12.6 Description NATS-Server, a high-performance server for NATS.io, contains an issue where users with JetStream admin API access to restore one stream could restore to oth...
CVE-2023-43318
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests...
CVE-2020-10974
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3,...
CVE-2020-10971
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session...
EUVD-2024-3549
Malicious code in bioql PyPI...
EUVD-2022-1345
Malicious code in bioql PyPI...
EUVD-2025-11085
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-30215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11....
Security Bulletin: Astronomer with IBM is vulnerable to API abuse due to the NATS-Server package (CVE-2025-30215)
Summary NATS-Server is used by Astronomer with IBM as part of the messaging functionality. Vulnerability Details CVEID:CVE-2025-30215 DESCRIPTION: NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27...
Security Bulletin: A flaw was found in NATS-SERVER which affects IBM watsonx.data
Summary NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially...
CVE-2024-56329
Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a...
Improper Authorization
github.com/nats-io/nats-server is vulnerable to Improper Authorization. The vulnerability is due to certain JetStream management API requests lacking proper access controls, allowing unauthorized administrative actions across accounts...
CBL Mariner 2.0 Security Update: telegraf (CVE-2025-30215)
The version of telegraf installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30215 advisory. - NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In...
NATS-Server Fails to Authorize Certain Jetstream Admin APIs
...
BIT-NATS-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
CVE-2025-30215
A flaw was found in NATS-SERVER. In affected versions of NATS-SERVER, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some JS API requests...
DEBIAN-CVE-2025-30215
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
AZL-60399 CVE-2025-30215 affecting package telegraf for versions less than 1.29.4-15
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
AZL-60406 CVE-2025-30215 affecting package telegraf for versions less than 1.31.0-9
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...