CVE-2026-47306

This CVE (CVE-2026-47306) concerns an Uncontrolled Recursion vulnerability in Samsung Open Source rlottie, allowing Oversized Serialized Data Payloads . Affected version range is rlottie before the commit e2d19e3b150e0e4a9586fa90b56fd3061cc98945. The NVD entries describe potential impact with a C...

PT-2026-46168

Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945...

EUVD-2026-30839

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

SAMSUNG Escargot 安全漏洞

SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. SAMSUNG Escargot has a security vulnerability caused by uncontrolled recursion, which may lead to the handling of...

CVE-2021-47930 Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the combaforms component with malicious JSON payloads in the 'id' field...

CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization

Summary The fix for CVE-2025-35939 in craftcms/cms introduced a striptags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, striptags only removes HTML tags angle brackets -- it does not inspect or filter URL schemes. Payloads like...

CVE-2025-68659 Discourse has DoS vulnerability in username change endpoint

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerabilityin the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and...

EUVD-2025-7102

Malicious code in bioql PyPI...

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the data: URL handler. An attacker can trigger a denial of service by crafting a data: URL with a...

Allocation of Resources Without Limits or Throttling

Overview github.com/hashicorp/vault/http is an a tool for securely accessing secrets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP handler. An attacker can cause excessive memory and C...

CVE-2024-10650

An unauthenticated Denial of Service DoS vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups...

CVE-2024-10650

An unauthenticated Denial of Service DoS vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups...

CVE-2024-10650 Denial of Service (DoS) in gaizhenbiao/chuanhuchatgpt

An unauthenticated Denial of Service DoS vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups...

CVE-2024-10650 Denial of Service (DoS) in gaizhenbiao/chuanhuchatgpt

An unauthenticated Denial of Service DoS vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups...

PT-2025-12051 · Unknown +1 · Chuanhuchatgpt +1

Name of the Vulnerable Software and Affected Versions: ChuanhuChatGPT version 20240918 Description: A Denial of Service DoS vulnerability was identified in ChuanhuChatGPT, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for a previo...

CVE-2021-46935 binder: fix async_free_space accounting for empty parcels

In the Linux kernel, the following vulnerability has been resolved: binder: fix asyncfreespace accounting for empty parcels In 4.13, commit 74310e06be4d "android: binder: Move buffer out of area shared with user space" fixed a kernel structure visibility issue. As part of that patch, sizeofvoid w...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via maliciously crafted data URIs, due to improper user input sanitization in the scrubattribute function. PoC ruby def testsanitizedataprotocol text = '- XSS- XSS' scopeallowedtags %wiframe do...