Lucene search

7 matches found

Positive Technologies
added 2026/05/06 12:0 a.m. | 6 views

PT-2026-38315

Name of the Vulnerable Software and Affected Versions: ShellHub versions prior to 0.24.2. Description: The device list endpoint accepts user-controlled identifiers that are passed directly as BSON/SQL keys in the database layer without validation. This occurs in the name field of each filter propert...

5.4 CVSS | 5.8 AI score | 0.00076 EPSS
Exploits: 1 | References: 6
IBM Security Bulletins
added 2025/10/30 5:25 p.m. | 6 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator

Summary: Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.0. Vulnerability Details: CVEID: CVE-2025-58767. DESCRIPTION: REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need ...

9.8 CVSS | 7.6 AI score | 0.0353 EPSS
Exploits: 2 | Affected Software: 5
Prion
added 2018/02/05 4:29 p.m. | 10 views

Design/Logic Flaw

BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string...

7.5 CVSS | 7.4 AI score | 0.01749 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2018/02/05 4:29 p.m. | 16 views

CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string...

9.8 CVSS | 9.3 AI score | 0.01749 EPSS
Exploits: 1 | References: 6
UbuntuCve
added 2018/02/05 4:29 p.m. | 16 views

CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string...

9.8 CVSS | 7.3 AI score | 0.01749 EPSS
Exploits: 1 | References: 1
Cvelist
added 2018/02/05 4:0 p.m. | 19 views

CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string...

9.2 AI score | 0.01749 EPSS
Exploits: 1 | References: 6
Debian CVE
added 2018/02/05 4:0 p.m. | 12 views

CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string...

9.8 CVSS | 9.3 AI score | 0.01749 EPSS
Exploits: 1