11632 matches found
CVE-2025-26699
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings...
Microsoft HoloLens 安全漏洞
Microsoft HoloLens is a smart glasses product of Microsoft Corporation USA. Microsoft HoloLens has a security vulnerability that stems from a problem with the pairing request method, which could lead to a denial of service...
CVE-2025-26699
CVE-2025-26699 concerns a potential denial-of-service in Django’s text handling: the wrap() function in django.utils.text and the wordwrap filter can be abused with very long strings. Public sources in the connected documents confirm affected versions: Django 5.1 before 5.1.7, 5.0 before 5.0.13, ...
CVE-2025-26699
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings...
Linux Distros Unpatched Vulnerability : CVE-2024-50117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response...
GHSA-CPWX-VRP4-4PQ7 Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
An oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends o...
Internet Bug Bounty: [CVE-2025-27220] ReDoS in CGI::Util#escapeElement
The cgi gem contains a vulnerability in the CGI::UtilescapeElement method that is susceptible to Regular Expression Denial of Service ReDoS. This vulnerability has been assigned the CVE identifier CVE-2025-27220. Users are advised to upgrade the cgi gem to address this issue...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Linux Distros Unpatched Vulnerability : CVE-2023-24532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than t...
Linux Distros Unpatched Vulnerability : CVE-2021-47362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization. During the subsequent initialization,...
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...
UBUNTU-CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...
Maharashtra State Electricity Distribution Mahavitran 安全漏洞
Maharashtra State Electricity Distribution Mahavitran is a renewable energy portal of Maharashtra State Electricity Distribution, India. A security vulnerability exists in Maharashtra State Electricity Distribution Mahavitran version 16.1 and earlier, which stems from the use of the GET method fo...
CVE-2021-41719
Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the...
Linux Distros Unpatched Vulnerability : CVE-2018-7182
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ctlgetitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service out-of-bounds read via a crafted mode 6 packet...
Linux Distros Unpatched Vulnerability : CVE-2018-1000078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the URIjoin, URImerge, and URI+ methods, which may expose stored credentials from userinfo, after the host is replaced. An attacker can cause a URL to a malicious...
Regular Expression Denial of Service (ReDoS)
Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the UtilescapeElement method. An attacker can cause high CPU consumption by providing malicious input. Details Denial of Service...
Denial Of Service (DoS)
Passenger is vulnerable to Denial Of Service DoS. The vulnerability is due to an issue in the HTTP parser during the parsing of a request with an invalid HTTP method, allowing an attacker to exploit this issue...
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...