14 matches found
EUVD-2026-26715
Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion...
aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1083 more potentially affected by CVE-2026-32981 via ray (>=0.5.0 <=2.8.0)
ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2026-32981 Source advisory: OSV:GHSA-J3MH-QMJJ-XP83...
osctrl Operating System Command Injection Vulnerability
OsCtrl is an open-source management software for OsQuery by JMP Security. Versions of OsCtrl prior to 0.5.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from OS command injection in the OsCtrl-admin environment configuration, which could lead...
EUVD-2025-24266
Malicious code in bioql PyPI...
CVE-2025-55164
content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called `__proto__`, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves...
@backstage/backend-dynamic-feature-service (>=0.4.4-next.0 <=0.5.0-next.3), @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20241017023338 <=1.27.0-next.3) +10 more potentially affected by CVE-2024-53983 via @backstage/plugin-scaffolder-node (>=0.5.0 <=0.5.1-next.3)
@backstage/plugin-scaffolder-node NPM version =0.5.0, =0.4.4-next.0, =0.0.0-nightly-20241017023338, =0.2.2-next.0, =0.3.2-next.0, =0.2.2-next.0, =0.2.2-next.0, =0.2.2-next.0, =0.2.2-next.0, =0.2.2-next.0, =0.2.2-next.0, =0.4.3-next.0, =0.1.15-next.0, =0.1.15-next.3 Source cves: CVE-2024-53983...
PT-2024-24408 · Unknown · Crony Cronjob Manager
Name of the Vulnerable Software and Affected Versions: Crony Cronjob Manager versions 0.5.0 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web application that the...
Appwrite Security Vulnerabilities
Appwrite is an open-source, end-to-end backend server for web, mobile, native or backend applications, packaged as a set of Docker microservices. A security vulnerability exists in Appwrite versions 0.5.0 through 0.12.2, which stems from an ACME-challenge endpoint that allows...
CVE-2023-27510
JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry...
UBUNTU-CVE-2019-14802
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template...
UBUNTU-CVE-2021-23351
The package github.com/pires/go-proxyproto before 0.5.0 is vulnerable to Denial of Service (DoS) via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...
@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acrylic/acrylic (>=0.1.0 <=0.1.2) +90 more potentially affected by unknown CVE via serialize-to-js (>=0.5.0 <=1.2.2)
serialize-to-js NPM version =0.5.0, =1.11.1, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.2.2, =3.2.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W5Q7-3PR9-X44W...
Apache Fineract SQL Injection Vulnerability
Apache Fineract is an open source digital financial services platform from the U.S.-based Apache Software Foundation. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. A SQL injection vulnerability...
CVE-2012-1384
Unspecified vulnerability in the NetEase Pmail com.netease.rpmms application 0.5.0 and 0.5.2 for Android has unknown impact and attack vectors...