28 matches found
CVE-2026-41673
A flaw was found in the xmldom library, a JavaScript module for parsing XML documents. An attacker could exploit this vulnerability by providing a specially crafted, deeply nested XML document. This could lead to a Denial of Service (DoS) by causing the application to crash due to excessive...
Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers
Summary Unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the X-Forwarded-For or X-Real-IP headers due to the rate-limit relying on the value of echo.Context.RealIP. Details In the first file below, the rate-limit for unauthenticated users can be observed...
PT-2025-50903
Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...
EUVD-2020-4945
Malware in sbrugna...
EUVD-2004-0613
Malware in sbrugna...
EUVD-2021-26485
Malware in sbrugna...
EUVD-2024-49784
Malicious code in bioql PyPI...
CVE-2025-46728
cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...
CVE-2025-32376
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...
CVE-2024-9199
Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS)...
CVE-2024-9199
CVE-2024-9199 affects Clibo Manager v1.1.9.2. The issue is a rate-limit vulnerability in the email-sending flow, which could allow an attacker to flood recipients with emails in a short period and cause a DoS by impacting availability. Public sources consistently reference the vulnerability in Cl...
PT-2024-39483 · Unknown · Clibo Manager
Name of the Vulnerable Software and Affected Versions: Clibo Manager version 1.1.9.2 Description: The issue is related to a rate limit vulnerability that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of servi...
PHPJabbers Meeting Room Booking System Security Vulnerability
PHPJabbers Meeting Room Booking System is a meeting room booking system from the Serbian company PHPJabbers. A security vulnerability exists in PHPJabbers Meeting Room Booking System version 1.0, which originates from a lost rate limit vulnerability...
PHPJabbers Cinema Booking System Security Vulnerability
PHPJabbers Cinema Booking System is a theater booking system from PHPJabbers. A security vulnerability exists in PHPJabbers Cinema Booking System version 1.0, which stems from a lost rate limit vulnerability...
PHPJabbers Event Booking Calendar Security Vulnerability
PHPJabbers Event Booking Calendar is an event calendar application. A security vulnerability exists in PHPJabbers Event Booking Calendar version 4.0, which stems from the presence of multiple lost rate limit vulnerabilities...
RHEL 8 : bind9.16 (RHSA-2023:4037)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4037 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named %NASLMINLEVEL...
The vulnerability in the implementation of the GOT Mobile function in the software for graphic control panels from Mitsubishi Electric's GOT2000 series, models GT27 and GT25, as well as the HMI platform GT SoftGOT2000, allows an attacker to carry out a "click hijacking" attack.
The vulnerability of the GOT Mobile function implementation in Mitsubishi Electric’s GOT2000 series graphic control panels, models GT27 and GT25, as well as the HMI platform GT SoftGOT2000, is related to an incorrect limitation on the layers or frames that can be displayed in the user interface...
CakePHP SQL Injection Vulnerability
CakePHP is an open-source, MVC-based web development framework from the U.S. CAKE Foundation. The framework offers flexible view caching, automatic generation of CRUD code, and other features. CakePHP suffers from an SQL injection vulnerability that stems from the CakeDatabaseQuery::limit...
Buffer overflow
There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed...
CVE-2021-22438
There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed...