PT-2026-3319

Name of the Vulnerable Software and Affected Versions GraphQL Modules versions 2.2.1 through 2.4.0 GraphQL Modules versions 3.1.1 Description GraphQL Modules has an issue where, when two or more parallel requests trigger the same service, the context of the requests can become mixed up within the...

Graphql Modules: Competition Condition Vulnerability

Graphql Modules is a backend framework for GraphQL servers, open-sourced by Hive. Versions of Graphql Modules from 2.2.1 to 2.4.1, as well as versions before 3.1.1, have a race condition vulnerability. This vulnerability stems from context confusion during parallel requests, which may lead to...

EUVD-2023-36567

Malicious code in bioql PyPI...

Exploit for CVE-2024-40094

CVE-2024-40094 ENF ExecutableNormalizedFields Denial of Serv...

Race Condition

decidim is vulnerable to a Race Condition. The vulnerability is due to the system's inability to handle multiple parallel requests for endorsing a resource, such as a proposal, allowing an attacker to endorse the same resource multiple times...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-2286)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs...

SUSE CVE-2023-32320

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

PT-2023-8429 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.7 Nextcloud Server versions prior to 26.0.2 Nextcloud Enterprise Server versions prior to 21.0.9.12 Nextcloud Enterprise Server versions prior to 22.2.10.12 Nextcloud Enterprise Server versions prior to...

Nextcloud 安全漏洞

Nextcloud is Germany's Nextcloud company's set of open source self-hosted file synchronization and sharing communication application platform. A security vulnerability exists in Nextcloud Server versions 25.0.7, 26.0.2, Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7,...

CVE-2022-3686

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

CVE-2022-3684

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

Hardcoded credentials

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

CVE-2022-3684 SDM600 endpoint vulnerability

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

SDM600 安全漏洞

ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291. An attacker exploiting this vulnerability could cause an application to be unresponsive by running multiple parallel requests...

SDM600 安全漏洞

ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291, which stems from a problem in the endpoint that can be exploited by an attacker to cause an application to become unresponsive by running multiple parallel requests...

PT-2023-2146 · Hitachi Energy · Sdm600

Name of the Vulnerable Software and Affected Versions: Hitachi Energy System Data Manager SDM600 versions prior to 1.2 FP3 HF4 Build Nr. 1.2.23000.291 Description: A vulnerability exists in the SDM600 endpoint, where an attacker could exploit this issue by running multiple parallel requests,...

USN-5891-1 curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2023-23914 Harry Sintonen...

AZL-13649 CVE-2023-23915 affecting package cmake for versions less than 3.21.4-5

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...