Lucene search

95 matches found

ATTACKERKB
added 2026/05/27 12:56 p.m. | 7 views

CVE-2026-9704

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

CVSS 6.8 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 3

AstraLinux
added 2026/05/03 11:59 p.m. | 7 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf. The current code produces a warning when the total number of characters in the constituent block device names, plus the slashes, exceeds 200. snprintf returns the number of characters generated...

CVSS 5.5 | AI score 6 | EPSS 0.00147
Exploits: 0 | References: 1

EUVD
added 2026/02/27 9:22 p.m. | 6 views

EUVD-2026-8789

ZITADEL's truncated opaque tokens are still valid...

CVSS 4.3 | AI score 5.9 | EPSS 0.00142
Exploits: 0 | References: 6

RedhatCVE
added 2026/01/09 9:15 a.m. | 8 views

CVE-2022-23549

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, users can create posts with raw body longer than the maxlength site setting by including HTML comments that are not counted toward the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00575
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/16 8:44 p.m. | 5 views

CVE-2023-53886

Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.00365
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/11 12:0 a.m. | 2 views

CVE-2025-55313

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...

AI score 7.7 | EPSS 0.00143
Exploits: 0 | References: 1

GithubExploit
added 2025/10/19 3:30 p.m. | 346 views

Exploit for CVE-2025-10230

CVE-2025-10230 PoC for CVE-2025-10230 - Samb...

AI score 7.2 | EPSS 0.38991
Exploits: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-51532

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00689
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-2399

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00562
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-36944

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00411
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3488

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.7 | EPSS 0.01377
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-27712

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5 | EPSS 0.00678
Exploits: 0 | References: 4

OSV
added 2025/08/06 6:31 p.m. | 0 views

GHSA-QJ5R-2R5P-PHC7 Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references. Original Description: A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP...

CVSS 6.5 | AI score 6.9 | EPSS 0.00383
Exploits: 0 | References: 8

RedhatCVE
added 2025/05/23 5:55 a.m. | 4 views

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www...

CVSS 7.5 | AI score 7.2 | EPSS 0.00804
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:6 p.m. | 4 views

CVE-2021-20185

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side browser denial of service for users receiving very large messages...

CVSS 5.3 | AI score 6.7 | EPSS 0.01377
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:28 p.m. | 6 views

CVE-2020-29204

XXL-JOB 2.2.0 allows Stored XSS in Add User to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java...

CVSS 6.1 | AI score 5.9 | EPSS 0.00882
Exploits: 1

OSV
added 2025/03/20 10:15 a.m. | 6 views

CVE-2024-6838

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

CVSS 5.3 | AI score 7
Exploits: 0 | References: 1

Positive Technologies
added 2025/03/20 12:0 a.m. | 5 views

PT-2025-12167 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version v2.13.2 Description: A potential denial of service issue exists due to the lack of a limit on the experiment name, allowing the creation or renaming of an experiment with a large number of integers in its name. This can...

CVSS 5.3 | AI score 5.1 | EPSS 0.00615
Exploits: 1 | References: 7

RedHat Linux
added 2024/09/03 10:5 a.m. | 25 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update

Red Hat OpenShift Service Mesh Containers for 2.6.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5 | AI score 6.7 | EPSS 0.01471
Exploits: 3 | References: 3

OSV
added 2024/08/21 7:15 a.m. | 3 views

UBUNTU-CVE-2022-48889

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof-nau8825: fix module alias overflow. The maximum name length for a platform_device_id entry is 20 characters including the trailing NUL byte. The sof_nau8825.c file exceeds that, which causes an obscure error message:...

CVSS 5.5 | AI score 5.9 | EPSS 0.00205
Exploits: 0 | References: 5