165 matches found
CVE-2026-48597
The vulnerability CVE-2026-48597 affects elixir-tesla (Tesla) where Tesla.Adapter.Mint.open_conn/2 converts each outgoing request URL scheme to a BEAM atom using String.to_atom(uri.scheme) without an allow-list. Since BEAM atoms are not garbage-collected, an attacker who can influence the request...
PT-2026-45840
Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.open_conn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.to_atom(uri.scheme) with no...
CVE-2026-47067
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM atom via binary_to_atom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...
EUVD-2026-31114
Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without...
EEF-CVE-2026-8469 Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook
Summary: Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 witho...
PT-2026-42180
Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without...
CLSA-2026-1778142227 nginx: Fix of 2 CVEs
CVE-2026-27651: fix null pointer dereference in ngx_mail_auth_http_module when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngx_http_mp4_module when processing crafted mp4 files with empty stco/co64 atoms...
Malicious code in @mesh-atoms/typography (npm)
Source: amazon-inspector (ec6ac39821bf7c99a476b848fcfccf47089487d33dc8eeb893b9f87e6dc7f847). The package @mesh-atoms/typography was found to contain malicious code...
MAL-2026-2715 Malicious code in @mesh-atoms/typography (npm)
Source: amazon-inspector (ec6ac39821bf7c99a476b848fcfccf47089487d33dc8eeb893b9f87e6dc7f847). The package @mesh-atoms/typography was found to contain malicious code...
Ash Framework resource management error vulnerability
Ash Framework is an open-source framework used for building Elixir applications. Versions of Ash Framework prior to 3.22.0 contained a resource management vulnerability. This vulnerability stems from Ash.Type.Module.cast_input/2, which “Elixir.”, thereby creating new Erlang atoms. This could lead ...
EUVD-2020-24929
Malware in sbrugna...
EUVD-2020-24931
Malware in sbrugna...
EUVD-2011-0276
Malware in sbrugna...
EUVD-2008-1739
Malware in sbrugna...
EUVD-2020-24959
Malware in sbrugna...
EUVD-2011-0275
Malware in sbrugna...
EUVD-2017-5240
Malware in sbrugna...
EUVD-2011-3215
Malware in sbrugna...
EUVD-2011-0278
Malware in sbrugna...