211 matches found
GHSA-CG4J-Q9V8-6V38 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...
PT-2026-27256
Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description The NumberToDelimitedConverter component utilizes a regular expression with gsub! to insert thousands...
Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations...
CVE-2026-33550
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...
DEBIAN-CVE-2026-33550
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...
CVE-2026-33550
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...
OESA-2026-1349 tinyxml2 security update
TinyXML-2 is a simple, small, efficient, C++ XML parser that can be easily integrated into other programs. TinyXML-2 parses an XML document, and builds from that a Document Object Model DOM that can be read, modified, and saved. Security Fixes: TinyXML2 through 10.0.0 has a reachable assertion fo...
EUVD-2026-4011
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through = 2.3.0...
MiracleLinux 8 : dhcp-4.3.6-44.el8.1 (AXSA:2021-2197:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2197:04 advisory. dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient CVE-2021-25217 Tenab...
EUVD-2026-0506
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
RockyLinux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2023:2763)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2763 advisory. python: int type in PyLongFromString does not limit amount of digits converting text to int leading to DoS CVE-2020-10735 python: open redirection...
CVE-2025-14002
CVE-2025-14002 — The WPCOM Member plugin for WordPress allows authentication bypass via brute force. Root cause: weak OTP generation (6 digits) with a 10-minute validity and no rate limiting on verification attempts. Impact: unauthenticated attackers can log in as any user (including admins) if t...
EUVD-2025-37768
A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa – Mitigation of integer overflows in DIVROUNDUP. Herbert notes that DIVROUNDUP may cause unnecessary overflows if the -keysize callback of an ecdsa implementation returns an unusually large value. Instead, Herbert...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the jsbigintfromstring function when parsing strings with an excessively large number of digits. An attacker can cause a heap out-of-bounds write by supplying a crafted string input that triggers an...
Discord warns users after data stolen in third-party breach
Popular social platform Discord has suffered a data breach—though technically, it wasn’t Discord itself that was hacked. A third-party customer support provider was compromised, allowing attackers to access Discord’s user data. Either way, it’s Discord users who feel the impact. The breach, which...
EUVD-2020-21812
Malware in sbrugna...
EUVD-2016-6009
Malware in sbrugna...
EUVD-2022-53462
Malicious code in bioql PyPI...
Google Pay, Drug Bots, and SIM Swaps: How Old Leaks and New Vulnerabilities Power Attacks
It starts with something simple: a CAPTCHA box on your screen. You type the number you see, because of course you do. That’s what humans do online. But what if that “CAPTCHA” wasn’t a CAPTCHA at all? In this post, I’ll walk you through how old data leaks, lazy telecom verification, and a...