Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the EncodeGroupId function when processing a malformed group-id-list parameter. An attacker can cause the application to panic and terminate unexpectedly by supplying specially crafted input...
GHSA-9VPH-2HVM-X66G Cube Core is vulnerable to Denial of Service (DoS) via crafted request
Impact: It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Affected Versions: = 1.1.17. Mitigation: Upgrade to a patched version: 1.5.13 and later (regular release), or 1.4.2 (active LTS release). References: The issue was reported by...
Allocation of Resources Without Limits or Throttling
Overview: seroval is a package for stringifying JS values. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitting objects with...
Allocation of Resources Without Limits or Throttling
Overview: seroval is a package for stringifying JS values. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the encoded array lengths serialization process. An attacker can cause excessive processing time by overriding encoded array lengths with extremel...
PT-2025-47405
Name of the Vulnerable Software and Affected Versions: joserfc versions 1.3.3 through 1.3.4; joserfc versions 1.4.0 through 1.4.1. Description: The joserfc library has an issue where excessively large JWT (JSON Web Token) payloads can be logged, potentially leading to resource exhaustion. Specifically,...
Linux Distros Unpatched Vulnerability : CVE-2021-29495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled ...
Security Bulletin: IBM Event Processing is vulnerable to Improper Authentication
Summary: IBM Event Processing's backend contains a version of the JDBC driver that may allow unwanted connections. Vulnerability Details: CVEID: CVE-2025-49146. DESCRIPTION: pgjdbc is an open source PostgreSQL JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with...
Race Condition
Overview: Affected versions of this package are vulnerable to Race Condition in the JSONFileDocumentDatabase during delete and update operations. Remediation: Upgrade parlant to version 1.4.2 or higher. References: GitHub Commit...
PT-2025-1493 · WordPress · Webtoffee Wordpress Backup & Migration
Name of the Vulnerable Software and Affected Versions: WebToffee WordPress Backup & Migration versions 1.4.1 and earlier Description: The issue is related to a missing authorization vulnerability in WebToffee WordPress Backup & Migration, which allows exploiting incorrectly configured access...
PT-2024-22368 · Corewcf · Corewcf
Name of the Vulnerable Software and Affected Versions: CoreWCF versions prior to 1.4.2 CoreWCF versions prior to 1.5.2 Description: The issue affects NetFraming based CoreWCF services, where extra system resources could be consumed by connections being left established instead of closing or...
PT-2023-32988 · Unknown +1 · Cheqd-Node +1
Name of the Vulnerable Software and Affected Versions: ibc-go versions prior to v6.1.1 cheqd-node versions prior to v1.4.2 Description: This issue has a low severity in general, with low impact and likelihood of exploitation. However, depending on the full node architecture, it could potentially...
PT-2022-24518 · Hashicorp · Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1 Description: The issue affects event stream subscribers using a token with TTL, allowing them to receive updates until token garbage is collected. Recommendations: For versions...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) due to an integer overflow which leads to subsequent heap memory corruption when dealing with large (2GB) inputs. The reallocation logic at yajl_buf.c:L64 may result in the 32-bit integer `need` wrapping to 0 when need...
PT-2021-4588 · Libebml +1 · Libebml +1
Name of the Vulnerable Software and Affected Versions: libebml versions prior to 1.4.2 Description: A flaw was found in the implementation of the EbmlString::ReadData and EbmlUnicodeString::ReadData functions in libebml, which can cause a heap overflow error. This issue is related to writing beyo...
GHSA-968F-66R5-5V74 HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)
Impact The patches introduced to fix https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 were not complete and still would allow an attacker to smuggle requests/split a HTTP request with invalid data. This updates the existing CVE with ID: CVE-2019-16789 Patches Waitress...
PT-2019-6234 · Waitress +3 · Waitress +3
Name of the Vulnerable Software and Affected Versions: Waitress versions 1.4.0 and earlier Description: The issue is related to the incorrect handling of special whitespace characters in the Transfer-Encoding header, which can lead to HTTP request smuggling and potentially result in cache poisoni...