Security Bulletin: Vault Vulnerable to Denial of Service Due to Rate Limit Regression
Summary: Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24, which allowed for processing JSON payloads before applying rate limits. This vulnerability,...
CVE-2025-12044
Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24, https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...
EUVD-2019-5231
Malware in sbrugna...
EUVD-2021-28703
Malicious code in bioql PyPI...
EUVD-2021-31714
Malicious code in bioql PyPI...
CVE-2018-14861
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...
PT-2025-18795 · Hashicorp +1 · Vault Community +3
Name of the Vulnerable Software and Affected Versions: Vault Community versions prior to 1.19.3; Vault Enterprise versions prior to 1.19.3, 1.18.9, 1.17.16, 1.16.20. Description: The Key/Value (kv) Version 2 plugin in Vault Community and Vault Enterprise may unintentionally expose sensitive informati...
PT-2023-22666 · Unknown · Helpdezk Community
Name of the Vulnerable Software and Affected Versions: HelpDezk Community version 1.1.10. Description: The issue is related to a SQL injection vulnerability that could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the "jsonGrid route" and extract all the...
Odoo Security Vulnerability
Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python with PostgreSQL as the database and includes modules for sales management, inventory management, and financial management. A security...
Odoo Cross-Site Scripting Vulnerability
Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security...
GitLab Information Disclosure Vulnerability
GitLab is an open source, end-to-end software development platform from US-based GitLab with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. An information disclosure vulnerability exists in GitLab Community Edition,...
Odoo Security Vulnerability
Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python with PostgreSQL as the database and includes modules for sales management, inventory management, financial management and so on. A security...
CVE-2019-13967
iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?execenv=production&execmodule=itop-hub-connector&execpage=ajax.php&operation=compile URI. This only affects the...
Design/Logic Flaw
iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?execenv=production&execmodule=itop-hub-connector&execpage=ajax.php&operation=compile URI. This only affects the...
Maltego CE - An Interactive Data Mining Tool That Renders Directed Graphs For Link Analysis
Maltego CE is the community version of Maltego that is available for free after a quick online registration. Maltego CE includes most of the same functionality as the commercial version; however, it has some limitations. The main limitation with the community version is that the application cannot ...
Qmail SMTP Bash Environment Variable Injection (Shellshock) Exploit
This Metasploit module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH (Shellshock). This flaw works on the latest...