9 matches found

Positive Technologies
added 2026/04/24 12:0 a.m. | 3 views

PT-2026-34840

Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions (e.g., $10000 \times 10000$ pixels). While the compressed file size ...

CVSS 8.2 | AI score 5.9 | EPSS 0.00081
Exploits 0 | References 5

RedhatCVE
added 2025/05/22 8:12 p.m. | 7 views

CVE-2021-39302

MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value...

CVSS 9.8 | AI score 8 | EPSS 0.00264
Exploits 0 | References 1

Github Security Blog
added 2024/12/09 8:42 p.m. | 87 views

league/commonmark's quadratic complexity bugs may lead to a denial of service

Impact: Several polynomial time complexity issues in league/commonmark may lead to unbounded resource exhaustion and subsequent denial of service. Malicious users could trigger that inefficient code with carefully crafted Markdown inputs that are specifically designed to ensure the worst-case...

AI score 7.5
Exploits 0 | References 11 | Affected Software 1

OSV
added 2024/12/09 8:42 p.m. | 38 views

GHSA-C2PC-G5QF-RFRF league/commonmark's quadratic complexity bugs may lead to a denial of service

Impact: Several polynomial time complexity issues in league/commonmark may lead to unbounded resource exhaustion and subsequent denial of service. Malicious users could trigger that inefficient code with carefully crafted Markdown inputs that are specifically designed to ensure the worst-case...

CVSS 7.5 | AI score 7.5
Exploits 0 | References 11

SUSE CVE
added 2023/02/15 5:1 a.m. | 2 views

SUSE CVE-2016-5116

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

CVSS 9.1 | AI score 8.9 | EPSS 0.02396
Exploits 0 | References 5

Cvelist
added 2016/08/07 10:0 a.m. | 27 views

CVE-2016-5116

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

AI score 8.2 | EPSS 0.02396
Exploits 0 | References 6

NVD
added 2005/12/05 12:3 a.m. | 10 views

CVE-2005-3997

Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.ph...

CVSS 2.6 | AI score 6.3 | EPSS 0.00994
Exploits 0 | References 15

Cvelist
added 2005/12/05 12:0 a.m. | 14 views

CVE-2005-3997

Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.ph...

AI score 6.3 | EPSS 0.00994
Exploits 0 | References 15

CVE
added 2005/12/05 12:0 a.m. | 50 views

CVE-2005-3997

CVE-2005-3997 (Zen Cart) affects Zen Cart 1.2.6d and earlier. Under certain PHP configurations, remote attackers can obtain sensitive information by directly requesting files in admin/includes, leaking the web server path in error messages. Affected files include: graphs/banner_daily.php, graphs/...

CVSS 2.6 | AI score 6.7 | EPSS 0.00994
Exploits 0 | References 15 | Affected Software 1