Linux Distros Unpatched Vulnerability : CVE-2026-54273
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that...
SUSE CVE-2026-48524
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...
Linux Distros Unpatched Vulnerability : CVE-2026-48524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT wi...
PYSEC-2026-177
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...
DEBIAN-CVE-2026-48524
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...
Missing Authentication for Critical Function
Overview: gmaps-mcp is an MCP server for Google Maps — places search, directions, geocoding. It works with Claude Desktop, Cursor and Claude Code. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the HTTP authentication process. An attacker can make...
CVE-2026-29794 Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers
Vikunja is an open-source, self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate limits by spoofing the X-Forwarded-For or X-Real-IP headers, because the rate limit relies on the value of...
CVE-2025-66473
XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3, and 17.5.0-rc-1 through 17.6.0 contain a REST API that currently doesn't enforce any limit on the number of items that can be requested in a single request. Depending on the number of...
EUVD-2025-201094
An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs that do not enforce limits on the number or size of requests...
CyberArk Endpoint Privilege Manager Security Vulnerability
CyberArk Endpoint Privilege Manager is privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential theft protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...
PT-2024-35799 · Trend Micro · Trend Micro Security
Name of the Vulnerable Software and Affected Versions: Trend Micro ID Security versions 3.0 and below Description: The issue allows an attacker to send an unlimited number of email verification requests without restriction, potentially leading to abuse or denial of service. Recommendations: For...
Trend Micro ID Security Security Vulnerability
Trend Micro ID Security is an all-in-one ad blocker, password manager, and privacy-enhancing browser extension from Trend Micro. A security vulnerability exists in Trend Micro ID Security 3.0 and prior versions that could allow an attacker to send an unlimited...
IBM Cognos Analytics Denial of Service Vulnerability (CNVD-2024-15372)
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can help companies adjust their decisions by analyzing factors such as key metrics and key people. A denial of service...
CVE-2022-34357
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to weak or absent rate limiting. By making unlimited HTTP requests, it is possible for a single user to exhaust server resources over a period of time, making the service unavailable for oth...
IBM Cognos Analytics Security Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can help companies adjust their decisions by analyzing factors such as key metrics and key people. A denial of service...
CVE-2023-3222
Vulnerability in the password recovery mechanism of the Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by supplying a 6-digit numeric token. An attacker could create an automated script to test all possible values...
Vapor's Metrics integration could cause a system drain
This is a DoS attack against anyone who bootstraps a metrics backend for their Vapor app, with the following attack vector: 1. Send unlimited requests against a Vapor instance with different paths. This will create "unlimited" counters and timers, which will eventually drain the system. 2...
SUSE CVE-2021-28148
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS)...
Bypass All Captchas in the application
Description: Bypass the captcha while adding a new proposal for a new FAQ or adding a question, and send unlimited requests without submitting the captcha code. Proof of Concept: https://drive.google.com/file/d/140CMe4FLFLBmIUUbI8706bZ4zs4d7N/view?usp=sharing...
Beijing Huijinxing Real Estate Brokerage Co., Ltd. MagicSale app has an SMS bombing vulnerability
MagicSale is a new-home distribution platform for institutional cooperation, helping brokers of cooperating institutions effectively develop the "inventory customers" they hold, matching those customers' needs to the new-home market, and securely realizing income for institutions and brokers. Th...