CVE-2025-48888

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

SUSE CVE-2025-48888

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

CVE-2025-48888

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

CVE-2025-48997

Summary of CVE-2025-48997 (Multer DoS) : Multer, a Node.js middleware for multipart/form-data, is vulnerable starting in version 1.4.4-lts.1 up to but not including 2.0.1. An attacker can trigger a Denial of Service by sending an upload request with an empty string field name, causing an unhandle...

CVE-2025-48997 Multer vulnerable to Denial of Service via unhandled exception

Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service DoS by sending an upload file request with an empty string field name. This request causes ...

CVE-2025-5411

Mist Community Edition

CVE-2023-36812

OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...

CVE-2023-30848

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...

CVE-2023-28438

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by...

CVE-2023-28429

Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie ...

CVE-2022-4927

A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be...

CVE-2022-39281

fatfreecrm is a an open source, Ruby on Rails customer relationship management platform CRM. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be...

CVE-2022-3963

A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fmid leads to cross site scripting. It is possible to launch the attack remotely. Upgrading ...

CVE-2021-41194

FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user's account if createusers=True and t...

CVE-2020-36826

A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to...

CVE-2010-10004

A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The...

CVE-2018-25061

A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The...

CVE-2015-10005

A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/htmlre.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of t...

PT-2025-22567 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.8.0 through 1.8.12 Description: OpenFGA is an authorization/permission engine. The issue arises when certain Check and ListObject calls are executed under specific conditions. These conditions include: calling Check API or...

CVE-2025-47944 Multer vulnerable to Denial of Service from maliciously crafted requests

Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service DoS by sending a malformed multi-part upload request. This request causes an unhandled...