3 matches found
CVE-2026-34573
Parse Server exposes a denial-of-service when the GraphQL query complexity validator is enabled (requestComplexity.graphQLDepth or requestComplexity.graphQLFields). In versions prior to 8.6.68 and 9.7.0-alpha.12, a crafted query using binary fan-out fragment spreads can block the Node.js event lo...
rubygem-loofah: XSS vulnerability due to unescaped comments within attributes by libxml2
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
UBUNTU-CVE-2015-4145
The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service memory leak via a crafted message...