EUVD-2022-4109

Malicious code in bioql PyPI...

Viessmann Vitogate 300 BN/MB vitogate.cgi form-0-2 Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Viessmann Vitogate 300 BN/MB devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON payload data provided to the vitogate.cg...

Moderate: perl-JSON-XS security update

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. Security Fixes: JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON CVE-2025-40928 For...

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.

...

CVE-2025-10858 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service DoS condition while uploading specifically crafted large JSON files...

CVE-2025-59362

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asnbuildobjid in lib/snmplib/asn1.c...

CVE-2025-59362

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asnbuildobjid in lib/snmplib/asn1.c...

GHSA-8PJC-487G-W6P2 vulnerabilities

Vulnerabilities for packages: gobuster, wire-go, dapr, aactl, helm-operator, mongo-tools, nri-haproxy, prometheus, grafana-pyroscope, kubernetes-csi-driver-hostpath, mattermost, kor, plugin-barman-cloud, helm-set-status, cloud-provider-gcp-cloud-controller-manager, cluster-api-azure-controller,...

State-Of-The-Art in Software Security Visualization: a Systematic Review

Software security visualization is an interdisciplinary field that combines the technical complexity of cybersecurity, including threat intelligence and compliance monitoring, with visual analytics, transforming complex security data into easily digestible visual formats. As software systems get...

[SECURITY] Fedora 42 Update: perl-Cpanel-JSON-XS-4.40-1.fc42

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

Fedora 41 : perl-Cpanel-JSON-XS (2025-89495f6403)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-89495f6403 advisory. This update fixes an issue where a specially-crafted JSON input could cause an integer overflow leading to a crash in the program parsing the JSON...

[SECURITY] Fedora 41 Update: perl-JSON-XS-4.04-1.fc41

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

BIT-MONGODB-2025-6709 Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...

Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hvq2-wf92-j4f3. This link is maintained to preserve external references. Original Descripton The express-xss-sanitizer package for Node.js has an unbounded recursion in the sanitize function lib/sanitize.js when...

GHSA-QHWP-454G-2GV4 Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hvq2-wf92-j4f3. This link is maintained to preserve external references. Original Descripton The express-xss-sanitizer package for Node.js has an unbounded recursion in the sanitize function lib/sanitize.js when...

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

Uncontrolled Recursion

Overview express-xss-sanitizer is an Express 4.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. Affected versions of this package are vulnerable to Uncontrolled Recursion via the sanitize function in...

GHSA-Q86R-GWQC-JX85 Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution

JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies to get executed...

AZL-67079 CVE-2025-40928 affecting package perl-JSON-XS for versions less than 4.04-1

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact...

DEBIAN-CVE-2025-40928

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact...