49 matches found
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition in the GenericOAuthService, GithubOAuthService, GoogleOAuthService Auth services. An attacker can gain unauthorized access to another user's session and associated resources by timing concurrent OAuth login requests to...
CVE-2026-33750
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., 1..2..0) causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
Infinite loop
Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Infinite loop through the expand function when processing a brace pattern with a zero step value. An attacker can cause the process to hang and exhaust system memory by...
Allocation of Resources Without Limits or Throttling
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the mimetex process. An attacker can exhaust server resources and cause service disruption by submitting specially crafted TeX formulas...
CVE-2025-61923
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...
EUVD-2025-34790
PrestaShop Checkout allows customer account takeover via email...
CVE-2025-61922
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
CVE-2025-61924
CVE-2025-61924 affects PrestaShop Checkout (ps_checkout) in editions prior to 4.4.1 and 5.0.5. The root cause is incorrect use of PHP array_search() in backoffice logic, enabling potential Target PayPal merchant account hijacking. Mitigation: upgrade to 4.4.1 for PrestaShop 1.7/8 (and 5.0.5 for P...
CVE-2025-61922
PrestaShop Checkout (ps_checkout) vulnerability CVE-2025-61922 allows unauthenticated, zero-click account takeover by knowing the victim’s email. Affected versions are prior to 4.4.1 and 5.0.5; patches exist and fix is in 4.4.1 (for PrestaShop 1.7 and 8) and 5.0.5 (for 1.7, 8, and 9). Public expl...
PrestaShop Checkout security vulnerability
PrestaShop Checkout is an open source checkout payment module from PrestaShopCorp. A security vulnerability exists in PrestaShop Checkout versions prior to 4.4.1 and prior to 5.0.5, which stems from an incorrect use of the PHP array_search function and could lead to PayPal merchant account hijacki...
EUVD-2019-14063
Malware in sbrugna...
EUVD-2023-49311
Malicious code in bioql PyPI...
EUVD-2024-20999
Malicious code in bioql PyPI...
EUVD-2022-50205
Malicious code in bioql PyPI...
EUVD-2022-50195
Malicious code in bioql PyPI...
CVE-2024-48234
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php, the value of the postAddress parameter is not processed and is passed directly into curl_exec for execution and output, resulting in a server-side request forgery (SSRF) vulnerability that can read server file...
CVE-2023-35046
Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamic Visibility for Elementor: from n/a through 5.0.5...
Ivanti Endpoint Manager Cloud Services Appliance < 5.0.5 Privilege elevation
The version of Ivanti Endpoint Manager Cloud Services Appliance running on the remote host is prior to 5.0.5. It is, therefore, affected by a local privilege elevation vulnerability where default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticat...
CVE-2025-22460
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges...