278 matches found
CVE-2025-12094
The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments No CAPTCHA plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...
CVE-2025-12094 OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing
The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments No CAPTCHA plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...
EUVD-2025-37313
The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments No CAPTCHA plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...
GO-2025-4051 Mattermost Server does not enforce rate limits on password change attempts in github.com/mattermost/mattermost-server
Mattermost Server does not enforce rate limits on password change attempts in github.com/mattermost/mattermost-server...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force via insufficient enforcement of authentication attempt limits in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks against OTP, TOTP, or passwor...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force via insufficient enforcement of authentication attempt limits in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks against OTP, TOTP, or passwor...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing JSON payloads before applying rate limits. An attacker can cause service disruption by sending specially crafted JSON payloads that bypass rate limiting. Note: This is...
Allocation of Resources Without Limits or Throttling
Overview github.com/hashicorp/vault/http is an a tool for securely accessing secrets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing JSON payloads before applying rate limits. An attacker can cause service disruption by...
GHSA-VP5W-XCFC-73WF Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON
Vault and Vault Enterprise "Vault" are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for +HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...
CVE-2025-12044
Vault and Vault Enterprise “Vault” are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for +HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...
Vault Vulnerable to Denial of Service Due to Rate Limit Regression
Summary Vault and Vault Enterprise “Vault” are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 which allowed for processing JSON payloads before applying rate limits. This vulnerability,...
Forward to Hell? on the Potentials of Misusing Transparent DNS Forwarders in Reflective Amplification Attacks
The DNS infrastructure is infamous for facilitating reflective amplification attacks. Various countermeasures such as server shielding, access control, rate limiting, and protocol restrictions have been implemented. Still, the threat remains throughout the deployment of DNS servers. In this paper...
CVE-2025-56219
Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service DoS when an excessively large number of user accounts are created...
EUVD-2021-19486
Malware in sbrugna...
EUVD-2025-5448
Malicious code in bioql PyPI...
EUVD-2025-24637
Malicious code in bioql PyPI...
EUVD-2024-27702
Malicious code in bioql PyPI...
EUVD-2023-0650
Malicious code in bioql PyPI...
EUVD-2023-30935
Malicious code in bioql PyPI...
EUVD-2022-52780
Malicious code in bioql PyPI...