6 matches found

OSV
added 2026/04/23 9:24 p.m., views: 1

GHSA-JCJW-58RV-C452 Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering

TL;DR: This vulnerability affects all Kirby sites that use option fields (checkboxes, color, multiselect, select, radio, tags or toggles) with options from a query or API whose values may not be fully trusted. It also affects direct uses of the OptionsApi or OptionsQuery classes of Kirby's Options...

CVSS: 8.1 | AI score: 6.4 | EPSS: 0.00033
Exploits: 0 | References: 5
Github Security Blog
added 2026/04/23 9:24 p.m., views: 3

Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering

TL;DR: This vulnerability affects all Kirby sites that use option fields (checkboxes, color, multiselect, select, radio, tags or toggles) with options from a query or API whose values may not be fully trusted. It also affects direct uses of the OptionsApi or OptionsQuery classes of Kirby's Options...

CVSS: 8.1 | AI score: 6.4 | EPSS: 0.00033
Exploits: 0 | References: 5 | Affected Software: 1
Snyk
added 2026/02/03 11:58 p.m., views: 2

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

CVSS: 7.1 | AI score: 5.5 | EPSS: 0.00018
Exploits: 0 | References: 2
OSV
added 2025/10/29 11:12 p.m., views: 1

MAL-2025-49070 Malicious code in xo-shipping-options (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c21e6f808603d3ee1f0107b9f7e0a2fbf9f420f9ac6004090593f7fab29c6e92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.8
Exploits: 0 | References: 2
OpenVAS
added 2024/03/08 12:0 a.m., views: 22

Fedora: Security Advisory for options (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.8 | AI score: 9.2 | EPSS: 0.46427
Exploits: 3 | References: 2
Cisco
added 2013/07/17 4:0 p.m., views: 36

Multiple Vulnerabilities in Cisco Unified Communications Manager

Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain full control of the vulnerable system. A successful attack could...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.00622
Exploits: 0 | References: 1