
8 matches found

Snyk
added 2026/03/12 2:49 p.m. | 4 views

Authorization Bypass Through User-Controlled Key

Overview: @withstudiocms/api-spec is an API Specification for StudioCMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a...

CVSS 7.2 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 2
NVD
added 2026/01/27 4:16 p.m. | 6 views

CVE-2026-22796

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

CVSS 5.3 | EPSS 0.0052
Exploits: 1 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-16961

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.01354
Exploits: 3 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-22766

Malicious code in bioql PyPI...

CVSS 8.3 | AI score 6.3 | EPSS 0.0034
Exploits: 1 | References: 4
Snyk
added 2025/04/08 4:41 p.m. | 3 views

Relative Path Traversal

Overview: Affected versions of this package are vulnerable to Relative Path Traversal due to the handling of TemporaryFileOperationStatus in TemporaryFileControllerBase.cs and TemporaryFileService.cs. An attacker can upload files to unintended locations to cause disruption of service to other user...

CVSS 8.8 | AI score 7.1 | EPSS 0.00431
Exploits: 0 | References: 2
Snyk
added 2025/01/21 9:21 p.m. | 5 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure which allows an attacker to determine the existence of user accounts by analyzing the response times and codes. Remediation: Upgrade Umbraco.Cms.Api.Management to version 14.3.2, 15.1.2 or higher. References: GitHub...

CVSS 6.9 | AI score 6.8 | EPSS 0.35161
Exploits: 1 | References: 2
Snyk
added 2024/08/20 6:32 p.m. | 2 views

Improper Access Control

Overview: Affected versions of this package are vulnerable to Improper Access Control due to missing authorization requirements. An authenticated attacker can access unintended endpoints by exploiting the vulnerability. Remediation: Upgrade Umbraco.Cms.Api.Management to version 14.1.2 or higher...

CVSS 5.4 | AI score 6.8 | EPSS 0.00415
Exploits: 0 | References: 2
RedhatCVE
added 2020/02/16 2:5 a.m. | 32 views

CVE-2018-18508

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. Mitigation: This issue only affects applications compiled against NSS which use the CMS (Cryptographic Message Syntax) API. Other...

CVSS 6.5 | AI score 2.5 | EPSS 0.00434
Exploits: 0 | References: 4