59 matches found

Cvelist
added 2 days ago · 22 views

CVE-2026-35202 Pterodactyl has a database resource limit bypass via race condition in Client API

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...

CVSS 2.3 · EPSS 0.00038
Exploits: 0 · References: 1

Fedora
added 2026/04/16 11:42 p.m. · 5 views

[SECURITY] Fedora 44 Update: kwayland-6.6.4-1.fc44

Qt-style API to interact with the wayland-client API...

AI score 5.8
Exploits: 0

CVE
added 2026/03/19 8:41 p.m. · 2 views

CVE-2026-4395

The CVE-2026-4395 entry describes a heap-based buffer overflow in wolfSSL wolfcrypt in the KCAPI ECC path, specifically wc_ecc_import_x963_ex(). The vulnerability arises because the WOLFSSL_KCAPI_ECC code copies input into key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlik...

CVSS 9.8 · AI score 6.1 · EPSS 0.00144
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2026/03/11 5:43 p.m. · 23 views

CVE-2026-31863 Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

CVSS 3.6 · EPSS 0.00022
Exploits: 0 · References: 1

Redos
added 2026/02/09 12:0 a.m. · 3 views

ROS-20260209-73-0012

A vulnerability in the HTTP Client API component of the OpenSSL cryptographic library is related to reading beyond memory boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.9 · AI score 5.6 · EPSS 0.00063
Exploits: 0

SUSE CVE
added 2026/01/16 1:6 a.m. · 3 views

SUSE CVE-2021-2007

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

CVSS 3.7 · AI score 4.7 · EPSS 0.00377
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2006-3265

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.01053
Exploits: 1 · References: 10

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2015-4736

Malware in sbrugna...

CVSS 9.8 · AI score 9.4 · EPSS 0.00852
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2008-1337

Malware in sbrugna...

CVSS 3.5 · AI score 6.4 · EPSS 0.00527
Exploits: 1 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2022-31207

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00449
Exploits: 0 · References: 1

SUSE CVE
added 2025/10/01 11:25 p.m. · 2 views

SUSE CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

CVSS 6.5 · AI score 7 · EPSS 0.00063
Exploits: 0 · References: 6

CNNVD
added 2025/09/30 12:0 a.m. · 1 views

OpenSSL security vulnerability

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 5.9 · AI score 7.3 · EPSS 0.00063
Exploits: 0 · References: 8

Tenable Nessus
added 2025/08/11 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-35597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

CVSS 6.5 · AI score 6.2 · EPSS 0.00674
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 6:28 a.m. · 4 views

CVE-2015-4719

The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request...

CVSS 9.8 · AI score 7.4 · EPSS 0.00852
Exploits: 0 · References: 1

vulnersOsv
added 2025/05/08 6:1 p.m. · 2 views

@dm3-org/delivery-service (>=1.4.0 <=1.7.1), @dm3-org/dm3-backend (>=1.0.1 <=1.7.1) +18 more potentially affected by unknown CVE via @dm3-org/dm3-lib-shared (>=1.0.6 <=1.7.2)

@dm3-org/dm3-lib-shared NPM version =1.0.6, =1.4.0, =1.0.1, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =0.0.1-alpha1, =1.0.5, =1.4.0, =1.0.0, =1.0.7 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-3713...

AI score 5.8
Exploits: 0

OSSF Malicious Packages
added 2025/02/03 5:5 p.m. · 3 views

Malicious code in ui-forms-embed-client-api (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

Vulnrichment
added 2024/10/04 12:7 p.m. · 12 views

CVE-2024-47651 Parameter Pollution Vulnerability

This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive...

CVSS 7.1 · AI score 6.4 · EPSS 0.00145
Exploits: 0 · References: 1

Github Security Blog
added 2024/02/01 8:51 p.m. · 34 views

Classic builder cache poisoning

The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions, most important being HEALTHCHECK and ONBUILD, would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache...

CVSS 7.8 · AI score 7.4 · EPSS 0.00083
Exploits: 0 · References: 6 · Affected Software: 2

Positive Technologies
added 2023/05/10 12:0 a.m. · 2 views

PT-2023-20166 · Boxo · Boxo

Name of the Vulnerable Software and Affected Versions: Boxo versions 0.4.0 through 0.5.0. Description: An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory by sending many WANT BLOCK and/or WANT HAVE requests, which are queued in an unbounded queue, with allocatio...

CVSS 8.2 · AI score 7.4 · EPSS 0.01091
Exploits: 0 · References: 18

OpenVAS
added 2022/12/30 12:0 a.m. · 27 views

Debian: Security Advisory (DSA-5307-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 6.9 · EPSS 0.00249
Exploits: 0 · References: 4