
8 matches found

GitHub Security Blog
added 2026/05/05 5:20 p.m. · 7 views

ots has a negative expire override that can bypass its secret retention policy

Summary: The /api/create endpoint accepted negative expire query values. For the memory storage backend, negative values were passed to secret creation as a negative duration and treated as no expiry, allowing callers to create secrets that persisted longer than intended. Impact: Unauthenticated...

5.7 AI score
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2026/05/05 5:20 p.m. · 0 views

GHSA-H5FQ-653G-GXRM ots has a negative expire override that can bypass its secret retention policy

Summary: The /api/create endpoint accepted negative expire query values. For the memory storage backend, negative values were passed to secret creation as a negative duration and treated as no expiry, allowing callers to create secrets that persisted longer than intended. Impact: Unauthenticated...

5.3 CVSS · 5.7 AI score
Exploits: 0 · References: 4
OSV
added 2026/02/18 4:16 a.m. · 1 views

AZL-77981 CVE-2026-27171 affecting package blosc 1.21.4-2

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition...

5.5 CVSS · 5.7 AI score · 0.00009 EPSS
Exploits: 1 · References: 1
EUVD
added 2026/01/27 8:21 a.m. · 3 views

EUVD-2026-4718

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard src/main/java/org/cardboardpowered/impl/world modules. This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4...

9.2 CVSS · 5.9 AI score · 0.00082 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2026/01/27 12:0 a.m. · 3 views

PT-2026-4863

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard src/main/java/org/cardboardpowered/impl/world modules. This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4...

9.2 CVSS · 5.9 AI score · 0.00082 EPSS
Exploits: 0 · References: 2
CNNVD
added 2026/01/27 12:0 a.m. · 3 views

Cardboard security vulnerabilities

Cardboard is an open-source module development interface created by Bukkit for Fabric. Versions of cardboard prior to 1.21.4 contained security vulnerabilities. These vulnerabilities stemmed from improper restrictions on memory buffer operations, which could allow vulnerabilities in the program...

9.2 CVSS · 5.9 AI score · 0.00082 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2023/11/08 12:0 a.m. · 5 views

PT-2023-7933 · Go +4

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.20.11 and 1.21.4 Go versions 1.20.11 and 1.21.4 Description: The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a pa...

9.8 CVSS · 6.6 AI score · 0.94395 EPSS
Exploits: 24 · References: 230
OpenVAS
added 2015/11/26 12:0 a.m. · 26 views

MediaWiki Multiple Vulnerabilities -02 (Nov 2015) - Linux

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

7.5 CVSS · 6.7 AI score · 0.00623 EPSS
Exploits: 0 · References: 2