
50 matches found

OSV
added 2026/02/06 10:48 p.m. · 3 views

CVE-2026-25762 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

CVSS 7.5 · AI score 5.4 · EPSS 0.00018
Exploits: 0 · References: 5
CVE
added 2026/02/06 10:48 p.m. · 6 views

CVE-2026-25754

CVE-2026-25754 affects AdonisJS multipart form-data parsing (package: @adonisjs/bodyparser). The underlying issue is prototype pollution caused by insufficient validation of multipart field names during parsing, allowing manipulation of object prototypes at runtime. Affected versions are AdonisJS...

CVSS 7.2 · AI score 5.4 · EPSS 0.00018
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2026/02/06 7:27 p.m. · 2 views

GHSA-F5X2-VJ4H-VG4C AdonisJS multipart body parsing has Prototype Pollution issue

Description: A Prototype Pollution vulnerability (CWE-1321) in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...

CVSS 7.2 · AI score 5.6 · EPSS 0.00018
Exploits: 0 · References: 5
Positive Technologies
added 2026/02/06 12:0 a.m. · 4 views

PT-2026-6857

Description: A Prototype Pollution vulnerability (CWE-1321) in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...

CVSS 7.2 · AI score 5.6
Exploits: 0 · References: 5
CNNVD
added 2026/02/06 12:0 a.m. · 3 views

@adonisjs/lucid Security Vulnerability

@adonisjs/lucid is a database object-relational mapping library open-sourced by the AdonisJS Framework. Versions of @adonisjs/lucid before 10.1.3 and versions before 11.0.0-next.9 have security vulnerabilities. These vulnerabilities stem from prototype pollution in the parsing of multi-part form...

CVSS 7.2 · AI score 5.8 · EPSS 0.00018
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2010-5294

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.0021
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-42134

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00227
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-42133

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00629
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-4099

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6 · EPSS 0.00081
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/23 4:30 a.m. · 6 views

CVE-2023-38313

An issue was discovered in OpenNDS Captive Portal before 10.1.2. It has a dobinauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS a Denial-of-Service condition...

CVSS 7.5 · AI score 6.7 · EPSS 0.0026
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 5:17 a.m. · 2 views

CVE-2010-5337

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchacontroller is non-persistent in 10.1.3 and 10.2.0...

CVSS 6.1 · AI score 6.2 · EPSS 0.0021
Exploits: 0 · References: 1
NVD
added 2025/02/14 8:15 p.m. · 13 views

CVE-2025-25285

@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the...

CVSS 5.3 · EPSS 0.00081
Exploits: 0 · References: 3
OSV
added 2025/02/14 7:31 p.m. · 6 views

CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the...

CVSS 5.3 · AI score 5.9 · EPSS 0.00081
Exploits: 0 · References: 5
OSV
added 2024/02/03 12:37 a.m. · 8 views

GHSA-MQ6V-W35G-3C97 Local File Inclusion vulnerability in zmarkdown

Impact: A minor Local File Inclusion vulnerability has been found in zmarkdown, which allowed for images with a known path on the host machine to be included inside a LaTeX document. To prevent it, a new option has been created that allows replacing invalid paths with a default image instead of...

AI score 7
Exploits: 0 · References: 2
OSV
added 2024/01/26 5:15 a.m. · 3 views

DEBIAN-CVE-2023-38317

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

CVSS 9.8 · AI score 9 · EPSS 0.00315
Exploits: 1 · References: 1
CNNVD
added 2024/01/26 12:0 a.m. · 2 views

openNDS Security Vulnerabilities

openNDS is an open-source, high-performance, small-footprint portal system from openNDS. A security vulnerability exists in openNDS prior to version 10.1.3 that stems from a failure to sanitize a network interface name entry in a configuration file, allowing an attacker with direct or indirect access...

CVSS 9.8 · AI score 7.2 · EPSS 0.00315
Exploits: 1 · References: 5
CNNVD
added 2024/01/26 12:0 a.m. · 3 views

OpenNDS Security Vulnerabilities

openNDS is an open-source, high-performance, small-footprint portal system from openNDS. A security vulnerability exists in OpenNDS prior to version 10.1.3 that stems from a failure to sanitize a FAS key entry in a configuration file, allowing an attacker with direct or indirect access to the file to...

CVSS 9.8 · AI score 7.2 · EPSS 0.00315
Exploits: 1 · References: 5
CNNVD
added 2024/01/26 12:0 a.m. · 1 views

OpenNDS Security Vulnerabilities

openNDS is an open-source, high-performance, small-footprint gateway system from openNDS. A security vulnerability exists in OpenNDS prior to version 10.1.3 that stems from a failure to sanitize a gateway FQDN entry in a configuration file, allowing an attacker with direct or indirect access to...

CVSS 9.8 · AI score 7.2 · EPSS 0.00241
Exploits: 1 · References: 5
OSV
added 2023/11/30 12:15 p.m. · 0 views

CVE-2023-48289

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS. This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.3...

CVSS 5.4 · AI score 7.3
Exploits: 0 · References: 1
Positive Technologies
added 2023/11/30 12:0 a.m. · 2 views

PT-2023-30761 · Unknown · Spreadsheetconverter Import Spreadsheets From Microsoft Excel

Name of the Vulnerable Software and Affected Versions: SpreadsheetConverter Import Spreadsheets from Microsoft Excel versions n/a through 10.1.3. Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This mea...

CVSS 6.5 · AI score 6.2 · EPSS 0.00181
Exploits: 0 · References: 5