Security update for cacti (important)

openSUSE Security Update: Security update for cacti Announcement ID: openSUSE-SU-2026:0169-1 Rating: important References: Affected Products: openSUSE Backports SLE-15-SP7 An update that contains security fixes can now be installed. Description: This update for cacti fixes the following issues: -...

CVE-2026-8202

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

CVE-2018-25295

ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operati...

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

PT-2026-34645

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

CVE-2018-25243

Microsoft FastTube 1.0.1.0 is affected by a local denial-of-service vulnerability where an excessively long input to the search function (about 1900 characters) can crash the application when the search is executed. The issue is described as a DoS with local access and low attack complexity. No p...

PT-2026-30361

Microsoft Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to caus...

CVE-2019-25592

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an...

CVE-2021-47818 DupTerminator 1.4.5639.37199 - Denial of Service

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows ...

EUVD-2015-0007

Malware in sbrugna...

EUVD-2009-3260

Malware in sbrugna...

EUVD-2014-8011

Malware in sbrugna...

EUVD-2018-9050

Malware in sbrugna...

EUVD-2022-7048

Malicious code in bioql PyPI...

EUVD-2023-34077

Malicious code in bioql PyPI...

FastAPI Guard has a regex bypass

Summary The regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. Details In version 3.0.1, you can find a commit like the one in the link below, which was made to prevent ReDoS...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unadapted input string length that could result in a buffer overflow...

GNU C Stock in Unspecified Vulnerabilities

The GNU C library is a standard library implementation of C developed by the GNU project to provide core API support for Linux systems, and is the basis for most C programs to run. The GNU C library suffers from a security vulnerability. An attacker could exploit the vulnerability to overwrite...

CVE-2020-7058

datainput.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection - Data Input Methods - Unix - Ping Host. NOTE: the vendor has stated "This is a false alarm...

SUSE-SU-2025:0637-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...