49 matches found
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 Denial of Service
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
EUVD-2007-5153
Malware in sbrugna...
EUVD-2019-3220
Malware in sbrugna...
EUVD-2022-4051
Malicious code in bioql PyPI...
[SECURITY] [DLA 4305-2] firefox-esr regression update
Debian LTS Advisory DLA-4305-2; https://www.debian.org/lts/security/; Emilio Pozuelo Monfort; September 29, 2025; https://wiki.debian.org/LTS -...
redis,valkey -- DoS Vulnerability due to bad connection error handling
@julienperriercornet reports: An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service...
Windows 365 Cloud PC VDAs registration getting stuck at initializing state
Windows 365 Cloud PC VDAs get stuck at initializing state and users cannot access the desktop. On the VDA, the Citrix Gateway service NGS logs located in the "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Citrix\Ngs" directory show the errors below. TimeStamp=2025-03-18T07:18:59.591082Z...
kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
A flaw was found in the Linux kernel in which a system crash can occur if there are certain errors establishing RPC-over-RDMA connections...
GO-2022-0502 Weave GitOps leaked cluster credentials into logs on connection errors in github.com/weaveworks/weave-gitops
Weave GitOps leaked cluster credentials into logs on connection errors in github.com/weaveworks/weave-gitops...
UBUNTU-CVE-2024-7885
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
Citrix Virtual Apps and Desktop - Machine Creation (MCS, PVS, App Layering)
Introduction: This article is a summary of the top support articles related to Machine Creation, including MCS, PVS and App Layering. Top Support Knowledge Content: Host Connections and Resource Errors: CTX224551 - Delivery Controller cannot contact vCenter server after certificate update on vCenter...
Error: "The system was not configured correctly" Appears when Provisioning Services Console Fails to Connect to Farm
The Provisioning Services Console fails to connect to the farm and displays one of the following error messages: "The system setup is not correct." or "The system was not configured correctly". The Event logs register a series of Event 11 with StreamProcess as the source: "Cannot establish a...
CVE-2024-31216 source-controller leaks the Azure Storage SAS token into logs on connection errors
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
PT-2023-4726 · Plk-100 · Plk-100
Name of the Vulnerable Software and Affected Versions: PLK-100 (affected versions not specified). Description: The issue is related to errors in TCP connection processing. It may allow a remote attacker to cause a denial of service. Recommendations: At the moment, there is no information about a new...
GHSA-XGGC-QPRG-X6MW Weave GitOps leaked cluster credentials into logs on connection errors
Impact: A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster...
wildfly: resource adapter logs plaintext JMS password at warning level on connection error
A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs, allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data...
PT-2021-3742 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified). Description: The issue is related to errors in creating connections with directories in the Edge Installer component of Microsoft Edge, allowing an attacker to potentially elevate privileges and...
WordPress WPGraphQL 1.3.5 Denial Of Service
Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service; Author: Dolev Farhi; Date: 2021-04-12; Vendor Homepage: https://www.wpgraphql.com/; Version: 1.3.5; Tested on: Ubuntu. This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...
WPGraphQL < 1.3.6 - Denial of Service
The plugin suffers from a Denial of Service vulnerability by Field Duplication. It is possible to create an expensive query by duplicating the number of fields, while simultaneously sending these requests in batches using GraphQL's Batching capability. v1.3.6 added a setting to disable batch...
Citrix Receiver Does Not Respond When Opening Applications to XenApp Servers
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. When opening applications to XenApp servers, there is no response at the Launching… prompt, as shown...