CVE-2025-12562
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). A malicious client can cause an error against the destination's size limit, which would incorrectly be attributed to the destination rather than the client. This could allow an attacker to send large amounts of da...
CVE-2020-8162
A client-side enforcement of server-side security vulnerability exists in Rails 5.2.4.2 and Rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user, bypassing upload limits...
Improper Validation
Overview: Affected versions of this package are vulnerable to Improper Validation. Using this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to...
VK.com: API: Bug in method auth.signup allowing unlimited calls
Missing flood control in the API registration method, which made it possible to send SMS messages or place calls to an arbitrary number in bulk. A vulnerability was found in the API that allowed unlimited calls and SMS messages; the request limit could be bypassed. Practically the same vulnerability was found as in the report...