624 matches found
Missing Release of Resource after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the makeMiddleware function, when dropping a connection during file upload. An attacker can cause resource exhaustion. Details Denial of Service DoS describes a family of attacks,...
Incomplete Cleanup
Overview Affected versions of this package are vulnerable to Incomplete Cleanup in the makeMiddleware function in make-middleware.js. An attacker can cause resource exhaustion by sending malformed requests. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...
Incomplete Cleanup
Overview Affected versions of this package are vulnerable to Incomplete Cleanup in the makeMiddleware function in make-middleware.js. An attacker can cause resource exhaustion by sending malformed requests. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...
CVE-2026-2711
A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrfproxy.py of the component URL Handler. The manipulation of the argument makerequest leads to server-side...
CVE-2026-2711 zhutoutoutousan worldquant-miner URL ssrf_proxy.py server-side request forgery
A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrfproxy.py of the component URL Handler. The manipulation of the argument makerequest leads to server-side...
CVE-2026-2711
CVE-2026-2711 affects zhutoutoutousan/worldquant-miner
kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion
A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...
CVE-2021-47871
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...
CVE-2021-47871
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...
CVE-2021-47871
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...
CVE-2021-47871
CVE-2021-47871 affects Hestia Control Panel 1.3.2. An authenticated attacker can exploit the API endpoint index.php via the v-make-tmp-file command to perform arbitrary file writes, potentially placing SSH keys or other content at arbitrary server paths. Impact is high for confidentiality, integr...
CVE-2021-47871 Hestia Control Panel 1.3.2 - Arbitrary File Write
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...
CVE-2021-47871 Hestia Control Panel 1.3.2 - Arbitrary File Write
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...
PT-2026-3823
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...
MiracleLinux 8 : rust-toolset:rhel8 (AXSA:2021-2146:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2146:01 advisory. rust: use-after-free or double free in VecDeque::makecontiguous CVE-2020-36318 rust: memory safety violation in String::retain CVE-2020-36317 Tenabl...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003551)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003551 advisory. In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the sctpmakechunk function net/sctp/smmakechunk.c when handling...
CVE-2023-40752
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...
CVE-2024-41265
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function...
mariadb: MariaDB Server Crash Due to Empty Backtrace Log
A flaw was found in MariaDB Server. This vulnerability may allow an attacker to cause a crash via an issue related to makeaggrtablesinfo and optimizestage2, resulting in an empty backtrace log...
ALPRs are recording your daily drive (Lock and Code S06E26)
This week on the Lock and Code podcast … There's an entire surveillance network popping up across the United States that has likely already captured your information, all for the non-suspicion of driving a car. Automated License Plate Readers, or ALPRs, are AI-powered cameras that scan and store ...