Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data from LDAP referrals. An attacker can execute arbitrary code or perform unauthorized actions by supplying crafted LDAP referral data. Details Serialization is a process of converting an object into a...

CVE-2026-36757

A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /changes webhook endpoint. An attacker can exhaust system memory by sending an oversized JSON payload. Remediation Upgrade github.com/mattermost/mattermost-plugin-msteams/serv...

CVE-2020-17508

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

EUVD-2025-112737

Malicious code in html-webpack-plugin-upgrade-remark-enceladus npm...

Incorrect Execution-Assigned Permissions

Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...

EUVD-2015-1132

Malware in sbrugna...

EUVD-2015-1103

Malware in sbrugna...

EUVD-2015-1111

Malware in sbrugna...

EUVD-2015-1119

Malware in sbrugna...

EUVD-2023-2669

Malicious code in bioql PyPI...

EUVD-2023-1614

Malicious code in bioql PyPI...

EUVD-2022-29585

Malicious code in bioql PyPI...

EUVD-2023-34990

Malicious code in bioql PyPI...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form, where API keys are not masked. An attacker can obtain sensitive credentials by viewing the exposed API keys during job configuration. Remediation Upgrade...

CVE-2025-46647

A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect provides services to multiple issuers 3...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to the DocumentBuilderFactory used in the XunitXmlPlugin.java file, which is used without disabling DTDs or external entities.. An attacker can access arbitrary files on the file system or initiate...

CVE-2015-10101

A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the incorrect assignment of cgroup hierarchy. An attacker can cause a denial of service of the Kubernetes node by exploiting this misconfiguration, where some Kubernetes limits are not honored. This...