76 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: perf/dwcpcie: fixed duplicate PCIDEV devices. During the platformdeviceregister function, the incorrect use of structdevice as platformdata resulted in a kmemdup operation on the PCIDEV device. Even worse, accessing the...
CVE-2021-47959
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 Denial of Service
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 Denial of Service
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
CVE-2021-47959
WPGraphQL 1.3.5 is affected by a DoS vulnerability: unauthenticated attackers can exhaust server resources by sending batched GraphQL queries with duplicated fields, potentially causing OOM conditions and MySQL connection errors. The provided documents do not include a confirmed patch version or ...
EUVD-2021-34814
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
PT-2026-41340
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
Improper Access Control
@fastify/express is vulnerable to Improper Access Control. The vulnerability is due to incorrect path handling in the onRegister function, where middleware paths are duplicated when inherited by child plugins, causing them to not match incoming requests and resulting in bypass of security control...
Introducing Shadow Data Detection: Reduce Cost and Risk Across Your Cloud
Identify stale, duplicated, and inefficient data — and take action to shrink both your storage spend and exposure surface...
PT-2026-21893
The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicate post function in includes/api.php using $wpdb-insert directly to the wp postmeta table instead of WordPress's...
Security Bulletin: IBM Event Streams is vulnerable to information disclosure (CVE-2025-49574)
Summary IBM Event Streams is vulnerable to information disclosure due to improper handling of Vert.x duplicated contexts in Quarkus. Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior ...
RUSTSEC-2026-0026 Unnecessary clamping of seed reduces seed entropy to 251 bits
The latest releases of the libcrux-ed25519 crate contains the following bug-fix: 1320: Remove duplicated clamping step during key generation The issue fixed in 1320 was first reported by Nadim Kobeissi...
SUSE-SU-2026:0257-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2026-0716: Fixed out-of-bounds read for websocket bsc1256418 - CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876...
EUVD-2026-2544
The List Site Contributors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alpha' parameter in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
EUVD-2026-2123
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...
EUVD-2026-2312
In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...
EUVD-2026-1778
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontendadmin/forms/updatefield' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...
EUVD-2026-1560
Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...
EUVD-2026-1258
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Frenify Arlo arlo allows Reflected XSS.This issue affects Arlo: from n/a through 6.0.3...
EUVD-2025-204824
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...