
6 matches found

Cvelist
added 2026/04/08 6:23 p.m., 21 views

CVE-2026-35165 LORIS has incorrect access checks in document_repository

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the document_repository frontend was restricting file access, the backend endpoint was not...

CVSS 6.3, EPSS 0.00165
Exploits: 0, References: 1
NVD
added 2026/02/25 10:16 p.m., 7 views

CVE-2026-26984

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with sufficient privileges can exploit a path traversal vulnerability to...

CVSS 8.8, EPSS 0.00677
Exploits: 0, References: 3
CVE
added 2026/02/25 9:26 p.m., 9 views

CVE-2026-26985

CVE-2026-26985 affects LORIS 24.0.0 through versions prior to 26.0.5, 27.0.2, and 28.0.0. An authenticated user with the right permissions can abuse a path traversal flaw in the electrophysiology_browser to read server configuration files that may contain hard-coded credentials, potentially enabli...

CVSS 8.1, AI score 5.8, EPSS 0.00334
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-0790

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.3, EPSS 0.00964
Exploits: 1, References: 7
Github Security Blog
added 2024/03/15 7:57 p.m., 30 views

tls-listener affected by the slow loris vulnerability with default configuration

Summary: With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. Details: The default configuration options make any public service using TlsListener::new vulnerable to a slow-loris DoS attack. rust /// Default numbe...

CVSS 7.5, AI score 6.8, EPSS 0.00964
Exploits: 1, References: 7, Affected Software: 1
Cvelist
added 2024/03/15 6:54 p.m., 28 views

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

CVSS 7.5, AI score 7.6, EPSS 0.00964
Exploits: 1, References: 3