195 matches found

OSV, added 2025/01/02 5:15 p.m.

CVE-2024-11716

While assignment of a user to a team bracket in CTFd should be possible only once, at registration, a flaw in the logic implementation allows an authenticated user to reset its bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...

CVSS 5.3 | AI score 5.7 | EPSS 0.11659
Exploits: 0 | References: 6
Positive Technologies, added 2025/01/01 12:00 a.m.

PT-2025-53805

Name of the Vulnerable Software and Affected Versions: qs versions prior to 6.14.1. Description: A flaw exists in the qs parse modules library where the arrayLimit option does not properly enforce limits when using bracket notation in query strings, leading to a potential HTTP Denial of Service (DoS)...

CVSS 7.8 | AI score 6.8 | EPSS 0.0041
Exploits: 1 | References: 43
SUSE CVE, added 2024/12/13 12:28 a.m.

SUSE CVE-2024-47835

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parselrc function within gstsubparse.c. The parselrc function calls strchr to find the character '' in the string line. The pointer returned by this call ...

CVSS 5.5 | AI score 6.8 | EPSS 0.01016
Exploits: 0 | References: 12
OSV, added 2024/12/12 2:03 a.m.

ALPINE-CVE-2024-47835

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parselrc function within gstsubparse.c. The parselrc function calls strchr to find the character '' in the string line. The pointer returned by this call ...

CVSS 7.5 | AI score 6.8 | EPSS 0.01016
Exploits: 0 | References: 1
OSV, added 2024/12/12 12:00 a.m.

UBUNTU-CVE-2024-47835

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parselrc function within gstsubparse.c. The parselrc function calls strchr to find the character '' in the string line. The pointer returned by this call ...

CVSS 7.5 | AI score 7.1 | EPSS 0.01016
Exploits: 0 | References: 6
OSV, added 2024/08/16 12:05 a.m.

OSV-2024-868 Use-of-uninitialized-value in evutil_inet_pton

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69173 Crash type: Use-of-uninitialized-value Crash state: evutilinetpton bracketaddrok parseauthority...

AI score 6.9
Exploits: 0 | References: 1
OSV, added 2024/07/10 6:33 a.m.

GHSA-QG2P-9JWR-MMQF Django vulnerable to Denial of Service

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets...

CVSS 8.7 | AI score 6.8 | EPSS 0.01187
Exploits: 0 | References: 9
OSV, added 2024/07/10 5:15 a.m.

DEBIAN-CVE-2024-38875

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets...

CVSS 7.5 | AI score 6.5 | EPSS 0.01187
Exploits: 0 | References: 1
PyPA, added 2024/07/10 5:15 a.m.

PYSEC-2024-56

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets...

CVSS 7.5 | AI score 8.1 | EPSS 0.01187
Exploits: 0 | References: 4 | Affected software: 1
Positive Technologies, added 2024/06/21 12:00 a.m.

PT-2024-6225

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.13; Django versions 5.0 through 5.0.6. Description: The issue is related to a potential denial of service attack via certain inputs with a very large number of brackets in the urlize and urlizetrunc functions. Th...

CVSS 9.8 | AI score 7.8 | EPSS 0.87218
Exploits: 29 | References: 138
SUSE CVE, added 2023/02/15 6:02 a.m.

SUSE CVE-2009-3431

Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of open...

CVSS 5 | AI score 6.8 | EPSS 0.21432
Exploits: 2 | References: 4
SUSE CVE, added 2023/02/15 4:50 a.m.

SUSE CVE-2017-5356

Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence % without a closing bracket...

CVSS 7.5 | AI score 6.8 | EPSS 0.04779
Exploits: 1 | References: 3
Snyk, added 2023/01/27 8:18 a.m.

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) due to excessive resource consumption in handleclosebracket. PoC: python3 -c 'print"" 10000' Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and...

CVSS 7.5 | AI score 7 | EPSS 0.01108
Exploits: 1 | References: 2
OSV, added 2023/01/26 9:18 p.m.

UBUNTU-CVE-2023-22486

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handleclosebracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has...

CVSS 7.5 | AI score 5.7 | EPSS 0.01108
Exploits: 1 | References: 4
Code423n4, added 2022/03/16 12:00 a.m.

LiquidityPool:getAmountToTransfer() has incorrect calculation due to incorrect bracket placement

Lines of code / Vulnerability details / Impact: In the scenario where the transfer fee exceeds the equilibrium fee, the excess gets credited to the incentive pool. The incentive pool fee added is incentivePooltokenAddress = incentivePooltokenAddress + amount transferFeePerc -...

AI score 6.6
Exploits: 0
CNNVD, added 2022/01/04 12:00 a.m.

Nordaaker Convos cross-site scripting vulnerability

Nordaaker Convos is an open source web browser-based multi-user chat application from Nordaaker, Norway. Nordaaker Convos suffers from a cross-site scripting vulnerability that stems from the software's lack of effective filtering and escaping of tabbed bracket quotes in the chat window, resultin...

CVSS 7.6 | AI score 5.5 | EPSS 0.00932
Exploits: 1 | References: 5
Github Security Blog, added 2021/08/10 4:08 p.m.

Cross-site Scripting in curly-bracket-parser

This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input...

CVSS 6.1 | AI score 2.6 | EPSS 0.00793
Exploits: 1 | References: 5 | Affected software: 1
OSV, added 2021/08/10 4:08 p.m.

GHSA-RQF8-8C89-MW29 Cross-site Scripting in curly-bracket-parser

This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input...

CVSS 5.4 | AI score 6.2 | EPSS 0.00793
Exploits: 1 | References: 5
Veracode, added 2021/07/29 3:59 a.m.

Cross-site Scripting (XSS)

curly-bracket-parser is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary JavaScript in a user's browser when the package is used as a template library, due to a lack of user input sanitization...

CVSS 6.1 | AI score 6.8 | EPSS 0.00793
Exploits: 1 | References: 2 | Affected software: 1
NVD, added 2021/07/28 4:15 p.m.

CVE-2021-23416

This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input...

CVSS 6.1 | EPSS 0.00793
Exploits: 1 | References: 2