11 matches found
PT-2026-29645
CVE-2025-66487 IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or … https://t.co/1omUDkJ3hs...
Malicious code in fashionable_salmon-toolteadev (npm)
Source: amazon-inspector 74f113cfde4b4150ec3b35ccbf4cbd74152873dd7d858afec982a736a0a9d909 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dono-mangut7-miaww (npm)
Source: amazon-inspector 961ee2b8341be10f978e3ae4ebb23fc86d6afb0bbc55eb306266aa18b17404a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Linux Distros Unpatched Vulnerability : CVE-2024-3302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the...
CVE-2023-51323
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages...
UBUNTU-CVE-2024-50083
In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit. Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------ cut here ------------ WARNING:...
The vulnerability of the SLP implementation lies in the insufficient control over the amount of network messages transmitted. This allows a malicious actor, operating remotely, to cause a service failure by registering arbitrary services to create fake UDP traffic.
The vulnerability of the SLP location determination protocol is related to insufficient control over the amount of network messages transmitted. Exploiting this vulnerability allows a malicious actor to cause service failures by registering arbitrary services to create fake UDP traffic...
Huawei HarmonyOS security vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from an interface that does not perform privilege checks, which could be exploited by an...
CVE-2023-23616 Discourse membership requests lack character limit
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to...
PT-2019-1482
Name of the Vulnerable Software and Affected Versions: Modicon M221 versions prior to V1.10.0.0; SoMachine Basic (affected versions not specified). Description: The issue is related to an incorrect configuration of the Ethernet interface in the Modicon M221 programmable logic controller when the...
Square: Invitation threshold
Hello sir, I found that the web application does not have proper rate limitation on the web application to prevent flooding of the victim's email with invitation emails. The attacker can send thousands of unwanted and unknown emails saying: "You're invited to use Square Appointments Hi, Please se...