
25 matches found

OSV
added 2 days ago · 4 views

BIT-KIBANA-2026-33464 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available...

CVSS 6.5 · AI score 5.8 · EPSS 0.00042
Exploits 0 · References 2
NVD
added 2026/05/14 3:16 p.m. · 6 views

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

CVSS 7.5 · EPSS 0.00055
Exploits 0 · References 4
Positive Technologies
added 2026/03/30 12:00 a.m. · 1 view

PT-2026-29097

Name of the Vulnerable Software and Affected Versions: TrueConf versions 8.1.0 through 8.5.2. Description: TrueConf Client downloads application update code and applies it without performing integrity or authenticity verification. An attacker capable of influencing the update delivery path, such as ...

CVSS 7.8 · AI score 6.5 · EPSS 0.02562
Exploits 2 · References 89
Snyk
added 2026/03/10 11:57 p.m. · 4 views

Infinite loop

Overview: Affected versions of this package are vulnerable to Infinite loop in the FileTypeParser class. This is triggered when the ASF WMV/WMA parser receives input including an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload. Remediation: Upgrade...

CVSS 6.9 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 2
NVD
added 2026/02/07 12:15 a.m. · 2 views

CVE-2020-37161

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to...

CVSS 9.8 · EPSS 0.00101
Exploits 1 · References 3
NVD
added 2026/01/28 8:16 p.m. · 4 views

CVE-2025-68934

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...

CVSS 6.5 · EPSS 0.00104
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-46190

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.7 · EPSS 0.02012
Exploits 2 · References 3
Tenable Nessus
added 2025/08/18 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-24999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__...

CVSS 7.5 · AI score 7.4 · EPSS 0.01543
Exploits 2 · References 2
RedhatCVE
added 2025/05/23 4:18 a.m. · 5 views

CVE-2023-41937

Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 both inclusive trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by...

CVSS 7.5 · AI score 6.5 · EPSS 0.00088
Exploits 0
OSV
added 2025/04/03 9:15 p.m. · 8 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

CVSS 7.5 · AI score 6.6
Exploits 0 · References 1
OSV
added 2025/02/06 6:31 a.m. · 2 views

GHSA-7QGG-VW88-CC99 utils-extend Prototype Pollution

The latest version of utils-extend, 1.0.8, is vulnerable to Prototype Pollution through the entry function lib.extend. An attacker can supply a payload with an Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) at the minimum...

CVSS 9.1 · AI score 5.9 · EPSS 0.0021
Exploits 0 · References 3
NVD
added 2025/01/27 7:15 p.m. · 11 views

CVE-2024-56968

An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload...

CVSS 6.5 · EPSS 0.00297
Exploits 0 · References 1
CNNVD
added 2024/09/30 12:00 a.m. · 1 view

INROAD Security Vulnerability

INROAD is a digital industrialization application from the Chinese company Isogong Tongzhi INROAD. A security vulnerability exists in versions prior to INROAD v202402060. An attacker can exploit the vulnerability to access sensitive information by sending a specially crafted payload to the...

CVSS 5.9 · AI score 6.3 · EPSS 0.01041
Exploits 0 · References 2
CNNVD
added 2024/08/29 12:00 a.m. · 1 view

Vtiger CRM Security Vulnerability

Vtiger CRM is a customer relationship management (CRM) system developed by Vtiger (USA) and based on SugarCRM. The management system provides functions such as managing, collecting, and analyzing customer information. A security vulnerability exists in Vtiger CRM version 7.4.0, which stems from...

CVSS 9.6 · AI score 8.7 · EPSS 0.02157
Exploits 2 · References 3
Positive Technologies
added 2024/03/14 12:00 a.m. · 1 view

PT-2024-17486 · Papercut · Papercut Ng/Mf

Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF (affected versions not specified). Description: This issue potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some...

CVSS 3.1 · AI score 7 · EPSS 0.00749
Exploits 0 · References 6
CNNVD
added 2024/03/14 12:00 a.m. · 2 views

PaperCut NG Security Vulnerability

PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that allows an attacker to expose files on the server by sending a crafted payload to the affected API endpoints...

CVSS 3.1 · AI score 6.8 · EPSS 0.00749
Exploits 0 · References 2
RedHat Linux
added 2023/03/01 9:45 p.m. · 1 view

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

CVSS 9.8 · AI score 6.8 · EPSS 0.00789
Exploits 1 · References 5
CNNVD
added 2023/01/23 12:00 a.m. · 2 views

TRENDnet TEW-820AP Buffer Error Vulnerability

The TRENDnet TEW-820AP is a router from TrendNet, Inc. A security vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, which stems from a stack overflow and can be exploited by an attacker to execute arbitrary code via a crafted payload...

CVSS 8.8 · AI score 8.5 · EPSS 0.00317
Exploits 1 · References 2
OSV
added 2022/10/25 5:15 p.m. · 1 view

CVE-2022-33189

An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 1
Snyk
added 2021/08/05 12:07 p.m. · 3 views

Prototype Pollution

Overview: open-graph is an Open Graph implementation for Node.js. Affected versions of this package are vulnerable to Prototype Pollution. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload. PoC by Snyk: // server.js cons...

CVSS 9.8 · AI score 9 · EPSS 0.00432
Exploits 1 · References 2