13 matches found

OSV
added 3 days ago · 6 views

EEF-CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

Summary: Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH_PROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote...

CVSS 8.2 · AI score 5.9 · EPSS 0.00042
Exploits: 0 · References: 4

OSV
added 2026/04/29 9:23 p.m. · 2 views

GHSA-537J-GQPC-P7FQ n8n Vulnerable to XSS via MCP OAuth client

Impact: An unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute...

CVSS 8.8 · AI score 6 · EPSS 0.0008
Exploits: 0 · References: 3

Positive Technologies
added 2025/09/10 12:0 a.m. · 6 views

PT-2025-37099

Name of the Vulnerable Software and Affected Versions: Angular versions 18.2.14 through 18.2.21; Angular versions 19.2.15 through 19.2.16; Angular versions 20.3.0; Angular versions 21.0.0-next.3. Description: Angular uses a DI container to hold request-specific state during server-side rendering. Due...

CVSS 7.1 · AI score 6.4 · EPSS 0.00073
Exploits: 1 · References: 11

Positive Technologies
added 2024/08/06 12:0 a.m. · 2 views

PT-2024-28398 · Gl.Inet · X750 +19

Name of the Vulnerable Software and Affected Versions: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 version 4.3.11; GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B version 4.5.16; GL-iNet products XE300 version 4.3.16; GL-iNet products E750 version 4.3....

CVSS 9.8 · AI score 7.7 · EPSS 0.1364
Exploits: 1 · References: 3

OSV
added 2024/01/13 4:15 a.m. · 0 views

CVE-2023-51071

An access control issue in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link...

CVSS 6.5 · AI score 5.8 · EPSS 0.00126
Exploits: 1 · References: 1

Positive Technologies
added 2023/12/22 12:0 a.m. · 1 views

PT-2023-19708 · Rambus · Rambus Tls Toolkit

Name of the Vulnerable Software and Affected Versions: Matrix SSL versions 4.x through 4.6.0; Rambus TLS Toolkit affected versions not specified. Description: The issue is related to a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. This...

CVSS 7.5 · AI score 7.4 · EPSS 0.00241
Exploits: 1 · References: 5

Positive Technologies
added 2022/07/12 12:0 a.m. · 3 views

PT-2022-3863 · Microsoft · Windows Server +1

Name of the Vulnerable Software and Affected Versions: Windows Server versions prior to the fixed version. Description: The issue is related to a tampering vulnerability in the Windows Server service, allowing attackers to affect the system. This vulnerability can lead to authentication coercion,...

CVSS 9 · AI score 8.5 · EPSS 0.5958
Exploits: 0 · References: 13

NCSC
added 2019/04/04 12:0 a.m. · 4 views

Vulnerability fixed in PostgreSQL

Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges can obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse of this...

CVSS 9 · AI score 7 · EPSS 0.93645
Exploits: 17

OSV
added 2018/08/20 7:31 p.m. · 1 views

CVE-2018-1000635

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an attacker gaining full administrative access to server and may be able to disable it. This vulnerability appears to have been...

CVSS 6.7 · AI score 5.8
Exploits: 0 · References: 2

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. · 2 views

Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page

Overview: When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-status page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if th...

CVSS 4.3 · AI score 7.7 · EPSS 0.18368
Exploits: 0 · References: 8

CERT
added 2004/08/17 12:0 a.m. · 31 views

CVS "history" command may disclose sensitive information

Overview: A vulnerability exists in the history command of Concurrent Versions System (CVS). If exploited, this vulnerability could disclose sensitive information about files and directories on an affected system to a remote, authenticated CVS user. Description: Concurrent Versions System (CVS) is a...

CVSS 5 · AI score 6.2 · EPSS 0.04063
Exploits: 0 · References: 3

Tenable Nessus
added 2002/06/28 12:0 a.m. · 36 views

News Server (NNTP) Information Disclosure

By probing the remote NNTP server, Nessus is able to collect information about it, such as whether it allows remote connections, the number of newsgroups, etc. C Tenable Network Security, Inc. NNTP protocol is defined by RFC 977 NNTP message format is defined by RFC 1036 obsoletes 850; see also R...

AI score 5.5
Exploits: 0

securityvulns
added 2001/04/24 12:0 a.m. · 29 views

WFTPD "Pro" 3.0 R4 Buffer Overflow

WFTP is the Win/NT FTP server by Alun Jones, "an author acknowledged as an expert in FTP and TCP/IP". This advisory pertains to "Professional" version 3.00 R4, which appears to be the current version. It can be downloaded from the author's site at http://www.wftpd.com/. WFTPD is released as...

AI score 1.2
Exploits: 0