149 matches found
PT-2026-22019
Name of the Vulnerable Software and Affected Versions LORIS versions prior to 26.0.5 LORIS versions prior to 27.0.2 LORIS versions prior to 28.0.0 Description LORIS is a self-hosted web application used for data and project management in neuroimaging research. An authenticated user with sufficien...
LORIS Neuroimaging Platform 路径遍历漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open source developed by ACElab. Versions 24.0.0 to 26.0.5, 27.0.2, and 28.0.0 of the LORIS Neuroimaging Platform had path traversal vulnerabilities. These vulnerabilities stem from path traversal attacks, which could lead to the reading of...
LORIS Neuroimaging Platform 代码问题漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 26.0.5, 27.0.2, and 28.0.0 contained code vulnerabilities. These vulnerabilities were caused by path traversal exploits, which could lead to arbitrary file uploads and...
PT-2026-22025
Name of the Vulnerable Software and Affected Versions LORIS versions prior to 26.0.5 LORIS versions prior to 27.0.2 LORIS versions prior to 28.0.0 Description LORIS is a self-hosted web application used for data and project management in neuroimaging research. An authenticated user with appropria...
EUVD-2008-0784
Malware in sbrugna...
EUVD-2024-0790
Malicious code in bioql PyPI...
EUVD-2025-21052
Malicious code in bioql PyPI...
Malicious code in test-mlw2-tolas-loris (npm)
The package test-mlw2-tolas-loris was found to contain malicious code...
MAL-2025-36470 Malicious code in test-mlw2-tolas-loris (npm)
The package test-mlw2-tolas-loris was found to contain malicious code...
CVE-2025-53634
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...
CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...
CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...
CVE-2025-53634
CVE-2025-53634 affects Chall-Manager's HTTP Gateway. The vulnerability arises from no timeout on HTTP header processing, enabling a slowloris-style DoS that does not require authentication. A patch was implemented (commit 1385bd8) and shipped in v0.1.4, with remediation guidance to upgrade to tha...
CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...
Chall-Manager 安全漏洞
Chall-Manager is an open source project from CTFer.io open source. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from an unset timeout on the HTTP gateway, which could lead to a denial of service triggered by a slow loris attack...
PT-2025-29155 · Unknown · Callmanager
Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager, a platform-agnostic system for starting Challenges on Demand, is susceptible to a Denial of Service DoS attack via a slow loris attack against its HTTP Gateway. The gateway lac...
CVE-2008-0774
Cross-site scripting XSS vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotelname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...
Malicious code in baby-loris (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9155edd098ee3fed04541b192087704f5a42b1f149bdd0f4f487d7e0ae941870 The OpenSSF Package Analysis project identified 'baby-loris' @ 1.0.2 npm as malicious. It is considered malicious because: - The package...
MAL-2024-11911 Malicious code in baby-loris (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9155edd098ee3fed04541b192087704f5a42b1f149bdd0f4f487d7e0ae941870 The OpenSSF Package Analysis project identified 'baby-loris' @ 1.0.2 npm as malicious. It is considered malicious because: - The package...
SUSE CVE-2024-28854
tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...