26 matches found
DEBIAN-CVE-2026-45300
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...
CVE-2026-45205
Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...
Astra Linux - vulnerability in pygments
A ReDoS issue was discovered in the pygments/lexers/smithy.py file within pygments, as of version 2.15.0, due to the use of SmithyLexer...
GHSA-337M-MW94-2V6G Apache Commons Configuration: StackOverflowError for YAML input with cycles
Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...
UBUNTU-CVE-2026-45205
Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...
EUVD-2026-30133
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...
Cowboy security vulnerability
Cowboy is a lightweight and high-performance HTTP server based on Erlang/OTP, developed by Nine Nines. Versions of Cowboy from 2.0.0 to 2.15.0 contained security vulnerabilities. These vulnerabilities stemmed from unlimited buffer accumulation during multipart header parsing. This could allow...
CVE-2026-4404 Use of hard coded credentials in GoHarbor Harbor
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI...
WordPress OldStory Theme <= 2.15.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme OldStory versions <= 2.15.0...
Security Bulletin: Jackson-Core Prior to 2.15.0 Due to Unbounded Nesting in JSON Input
Summary: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is...
jackson-core can throw a StackoverflowError when processing deeply nested data
Impact: With older versions of jackson-core, if you parse an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. Patches: jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input...
CVE-2024-6095
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both https:// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the...
PT-2024-37382 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai versions 2.15.0. Description: A vulnerability in the "/models/apply" endpoint allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both https:// and file:// schemes, where the...
CVE-2024-4596
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...
CVE-2024-4596
CVE-2024-4596 affects Kimai up to 2.15.0, with information disclosure via manipulation of PHPSESSIONID in the Session Handler. The issue may be exploited remotely; attack complexity is reported as high and exploitation is considered difficult. Upgrading to Kimai 2.16.0 addresses the vulnerability...
Kimai information disclosure vulnerability
kimai is a web-based multi-user time tracking application from the individual developer of kimai. An information disclosure vulnerability exists in Kimai version 2.15.0 and prior versions, which stems from an incorrect manipulation of the PHPSESSIONID parameter that can lead to information...
DEBIAN-CVE-2022-40896
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
PYSEC-2023-117
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
PT-2023-26063 · Unknown · Fast-Poster
Name of the Vulnerable Software and Affected Versions: fast-poster version 2.15.0. Description: The issue concerns a Cross Site Scripting (XSS) problem. Specifically, it involves the upload of files, where the check for image files is performed based on binary data but does not strictly verify the...
ai.apiverse:apipulse (>='1.0.3' <=1.0.20), ai.eto:rikai_2.12 (>=0.0.2 <=0.0.13) +5296 more potentially affected by CVE-2021-44228 +1 more via org.apache.logging.log4j:log4j-core (>=2.13.0 <=2.15.0)
org.apache.logging.log4j:log4j-core MAVEN version =2.13.0, ='1.0.3', =0.0.2, =2.1.0, =3.32.1.7, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =0.2.3, =0.2.4 and more Source cves: CVE-2021-44228, CVE-2021-45046 Source advisory: OSV:GHSA-7RJR-3Q55-VV33...