14 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 8 views

Astra Linux - vulnerability in node-get-func-name

get-func-name is a module that securely and consistently retrieves the name of a function, both in Node.js and in the browser. Versions prior to 2.0.1 are vulnerable to a regular expression denial of service (ReDoS), which can lead to a denial of service when parsing malicious input. Th...

CVSS 8.6, AI score 6.6, EPSS 0.01353
Exploits 1, References 1
Snyk
added 2026/05/12 9:31 p.m., 3 views

Symlink Attack

Overview github.com/hashicorp/nomad is a workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Affected versions of this package are vulnerable to Symlink Attack via shared task log directory. An attacker can read and write arbitrar...

CVSS 6, AI score 5.9, EPSS 0.00009
Exploits 0, References 2
Snyk
added 2026/04/17 10:41 p.m., 2 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

CVSS 8.7, AI score 5.5, EPSS 0.00032
Exploits 0, References 2
Snyk
added 2026/04/06 5:59 p.m., 7 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect through the redirecturi parameter in multiple endpoints (ForgotPassword, MagicLinkLogin, Signup, InviteMembers, OAuthLoginHandler, VerifyEmailHandler), which is not validated against AllowedOrigins. An attacker can obtain...

CVSS 8.6, AI score 5.8
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-29625

Malicious code in bioql PyPI...

CVSS 9.6, AI score 6.5, EPSS 0.00222
Exploits 1, References 2
OSV
added 2025/08/26 5:52 p.m., 1 views

CVE-2025-57818 Firecrawl SSRF Vulnerability via malicious webhook

Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with...

CVSS 6.3, AI score 7, EPSS 0.00084
Exploits 0, References 6
Snyk
added 2025/08/06 5:11 p.m., 1 views

Insufficient Entropy

Overview thinbus-srp is a Secure Remote Password (SRP) SRP6a implementation. Affected versions of this package are vulnerable to Insufficient Entropy in the toHex function. An attacker can reduce the security margin of the protocol and potentially compromise session confidentiality by exploiting th...

CVSS 9.1, AI score 6.9, EPSS 0.00226
Exploits 0, References 2
OSV
added 2025/06/05 1:09 a.m., 0 views

GHSA-G5HG-P3PH-G8QG Multer vulnerable to Denial of Service via unhandled exception

Impact A vulnerability in Multer versions >=1.4.4-lts.1, <2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Patches Users should upgrade to 2.0...

CVSS 8.7, AI score 6.7, EPSS 0.00249
Exploits 0, References 6
OSV
added 2025/06/03 6:21 p.m., 3 views

CVE-2025-48997 Multer vulnerable to Denial of Service via unhandled exception

Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes ...

CVSS 8.7, AI score 6.2, EPSS 0.00249
Exploits 0, References 6
Positive Technologies
added 2024/10/01 12:00 a.m., 2 views

PT-2024-32647 · Go-Tuf +1 · Go-Tuf +1

Name of the Vulnerable Software and Affected Versions: go-tuf versions prior to 2.0.1. Description: The go-tuf client inconsistently traces the delegations, which can result in downloading the wrong artifact. For example, if targets delegate to "A" and "B", and "B" delegates to "C", the client...

CVSS 9.9, AI score 6.1, EPSS 0.94047
Exploits 20, References 144
Positive Technologies
added 2024/06/21 12:00 a.m., 3 views

PT-2024-33642 · WordPress · Widget Bundle

Name of the Vulnerable Software and Affected Versions: Widget Bundle WordPress plugin versions prior to 2.0.1. Description: The issue is related to the lack of CSRF checks when logging widgets. This could allow attackers to make logged-in admins enable or disable widgets via a CSRF attack...

CVSS 4.3, AI score 6.8, EPSS 0.00258
Exploits 2, References 5
Positive Technologies
added 2022/08/18 12:00 a.m., 3 views

PT-2022-23123 · Pypi · Py-Cord

Name of the Vulnerable Software and Affected Versions: py-cord version 2.0.0. Description: The issue affects py-cord, a Python API wrapper for Discord, allowing remote shutdown of bots if they are added to a server with the application.commands scope without the bot scope. It appears that all publ...

CVSS 8.7, AI score 6.7, EPSS 0.0028
Exploits 0, References 9
Positive Technologies
added 2021/03/28 12:00 a.m., 2 views

PT-2021-17985 · Npm · Netmask

Name of the Vulnerable Software and Affected Versions: netmask npm package versions 1.0.6 and below; netmask npm package version 2.0.0. Description: The issue is related to improper input validation of octal strings in the netmask npm package, allowing unauthenticated remote attackers to perform...

CVSS 9.1, AI score 7, EPSS 0.85896
Exploits 1, References 32
Exploit DB
added 2016/08/16 12:00 a.m., 31 views

Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities

Nagios Incident Manager Multiple Vulnerabilities. Affected versions: Nagios Incident Manager. /nagiosim/reports/download//mttr/ Method = GET. POC Payload...

AI score 7.4
Exploits 0