GHSA-685M-2W69-288Q protobuf.js: Denial of service through unbounded protobuf recursion

Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...

CVE-2026-34557

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management functionality. Multiple input...

CVE-2026-33539

Parse Server SQL injection vulnerability in PostgreSQL adapter (CVE-2026-33539). An attacker with master key access can inject SQL metacharacters into field name parameters of the aggregate $group stage or the distinct operation, enabling arbitrary SQL execution on PostgreSQL and privilege escala...

Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2024-42283)

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...

EUVD-2019-8935

Malware in sbrugna...

CVE-2019-19311

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields...

kernel: net: nexthop: Initialize all fields in dumped nexthops

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...

PT-2024-20533 · Discourse · Discourse-Group-Membership-Ip-Block

Name of the Vulnerable Software and Affected Versions: discourse-group-membership-ip-block affected versions not specified Description: The discourse-group-membership-ip-block plugin sends all group custom fields to the client, including fields from other plugins that may be expected to remain...

CVE-2019-19311

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...