CVE-2026-21908

A Use After Free vulnerability was identified in the 802.1X authentication daemon dot1xd of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service DoS, or potentially...

ERPNext import_coa function SQL injection vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the importcoa function's company parameter against externally entered SQL statements. An attacker can exploit this...

CVE-2025-52043

In Frappe ERPNext v15.57.5, the function importcoa at erpnext/accounts/doctype/chartofaccountsimporter/chartofaccountsimporter.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter...

PT-2025-39989

Name of the Vulnerable Software and Affected Versions Frappe ERPNext version 15.57.5 Description The import coa function located at erpnext/accounts/doctype/chart of accounts importer/chart of accounts importer.py is susceptible to SQL injection. An attacker can inject a SQL query through the...

MAL-2025-9879 Malicious code in @zalastax/nolb-_coa (npm)

The package @zalastax/nolb-coa was found to contain malicious code...

Two NPM Packages With 22 Million Weekly Downloads Found Backdoored

In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts...

New NPM library hijacks (coa and rc)

On Thursday, November 4, 2021, barely more than a week after ua-parser-js was hijacked, another popular NPM library called coa Command-Option-Argument, which is used in React packages around the world, was hijacked to distribute credential-stealing malware. The developer community noticed somethi...

-react-file-list-components (=1.1.1), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +45951 more potentially affected by unknown CVE via coa (>=2.0.0 <=2.0.2)

coa NPM version =2.0.0, =1.0.1, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 and more Source cves: unknown CVE...

Design/Logic Flaw

A vulnerability in the RADIUS Change of Authorization CoA code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of a malformed...

CVE-2019-12669

CVE-2019-12669 affects Cisco TrustSec’s Change of Authorization (CoA) in Cisco IOS XE. The issue stems from improper handling of malformed CoA packets, allowing unauthenticated, remote attackers to cause a denial of service on affected devices. Reported impact is a network-accessible DoS conditio...

Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability

A vulnerability in the RADIUS Change of Authorization CoA code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of a malformed...

arte-coa.pt XSS vulnerability

Open Bug Bounty ID: OBB-612465 Description| Value ---|--- Affected Website:| arte-coa.pt Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Cisco Wireless LAN Controller Multiple DoS

According to its self-reported version, the Cisco Wireless LAN Controller WLC software running on the remote device is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists in the RADIUS Change of Authorization CoA request processing due to improper...

CVE-2016-9195

A vulnerability in RADIUS Change of Authorization CoA request processing in the Cisco Wireless LAN Controller WLC could allow an unauthenticated, remote attacker to cause a denial of service DoS condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controll...

CVE-2016-9195

CVE-2016-9195 describes a DoS condition in Cisco Wireless LAN Controller (WLC) due to improper validation in RADIUS Change of Authorization (CoA) request processing. An unauthenticated, remote attacker can disconnect a single WLC client connection by sending a crafted CoA packet. Affected softwar...

CVE-2016-9195

A vulnerability in RADIUS Change of Authorization CoA request processing in the Cisco Wireless LAN Controller WLC could allow an unauthenticated, remote attacker to cause a denial of service DoS condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controll...

CVE-2014-0655

The Identity Firewall IDFW functionality in Cisco Adaptive Security Appliance ASA Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization CoA messages, aka Bug ID CSCuj45332...

Design/Logic Flaw

The Identity Firewall IDFW functionality in Cisco Adaptive Security Appliance ASA Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization CoA messages, aka Bug ID CSCuj45332...

CVE-2014-0655

Cisco ASA with Identity Firewall (IDFW) is affected by CVE-2014-0655 due to insufficient validation of RADIUS Change of Authorization (CoA) messages, allowing unauthenticated remote attackers to replay crafted CoA messages and modify the IDFW user cache. This is tied to Bug CSCuj45332. The vulner...