GHSA-F5V8-V6Q3-Q4H6 Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

Summary Meridian v2.1.0 Meridian.Mapping and Meridian.Mediator shipped with nine defense-in-depth gaps reachable through its public APIs. Two are HIGH severity — the advertised DefaultMaxCollectionItems and DefaultMaxDepth safety caps are silently bypassed on the IMapper.Mapsource, destination...

PT-2026-29418

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open basedir restrictions. This allows an attacker to obtain information about the server's directory structure...

OESA-2026-1553 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ excepti...

Apache OFBiz安全漏洞

Apache OFBiz is the United States Apache Apache Foundation of a set of enterprise resource planning ERP system. The system provides a suite of Java-based web application components and tools. A security vulnerability exists in Apache Ofbiz versions 17.12.01 through 17.12.07, which stems from the...

CVE-2020-11883

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...

Infinite Automation Mango Automation Information Disclosure Vulnerability (CNVD-2015-07169)

Infinite Automation Mango Automation is the United States Infinite Automation Systems, Inc. of a set of open source Web-based SCADA data acquisition and supervisory control, HMI and automation software. Infinite Automation Mango Automation 2.5.x and 2.6.x prior to 2.6.0, build 430, suffers from a...