9 matches found
CVE-2025-5891
A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...
CVE-2025-5891 Unitech pm2 Config.js redos
A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...
CVE-2025-5891 Unitech pm2 Config.js redos
A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...
CVE-2025-5891
CVE-2025-5891 affects Unitech pm2 (versions up to 6.0.6; also noted in advisories for 6.0.8) due to incorrect handling in /lib/tools/Config.js that enables an inefficient regular expression pattern, resulting in a Regular Expression Denial of Service (ReDoS). The vulnerability is remotely exploit...
Telegram-Nearby-Map - Discover The Location Of Nearby Telegram Users
Telegram Nearby Map uses OpenStreetMap and the official Telegram library to find the position of nearby users. Please note: Telegram's API was updated a while ago to make nearby user distances less precise, preventing exact location calculations. Therefore, Telegram Nearby Map displays users...
GHSA-RQJW-P5VR-C695 Basic-auth app bundle credential exposure in gatsby-source-wordpress
Impact The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...
Basic-auth app bundle credential exposure in gatsby-source-wordpress
Impact The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...
CVE-2021-32770 Basic-auth app bundle credential exposure in gatsby-source-wordpress
Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...
Design/Logic Flaw
DISPUTED Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files ar...