77 matches found
CVE-2026-5365
CVE-2026-5365 affects the WordPress LatePoint plugin up to version 5.3.2. The issue is a Cross-Site Request Forgery caused by missing nonce verification in request_cancellation(), allowing unauthenticated attackers to cancel a logged-in customer’s bookings via a forged request (requires user inte...
CVE-2026-5365 LatePoint <= 5.3.2 - Cross-Site Request Forgery via 'customer_cabinet__request_cancellation' AJAX Route
The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation function. This makes it possible for unauthenticated attackers to cancel a logged-in customer's bookings v...
WordPress plugin LatePoint Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
JLSEC-2026-3 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell...
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
BIT-NGINX-GATEWAY-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
CLSA-2025-1760722427 Fix CVE(s): CVE-2023-44487
SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration stream handling limit. - CVE-2023-44487...
EUVD-2023-0867
Malicious code in bioql PyPI...
EUVD-2024-53844
Malicious code in bioql PyPI...
BIT-TOMCAT-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
USN-7410-1 tomcat9 vulnerability
It was discovered that Tomcat incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause tomcat9 to consume resources, leading to a denial of service...
USN-7410-1: Tomcat vulnerability
It was discovered that Tomcat incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause tomcat9 to consume resources, leading to a denial of service...
CLSA-2025-1742319076 Fix CVE(s): CVE-2023-44487
SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration stream handling limit. - CVE-2023-44487...
CVE-2025-24033
@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use...
Unlimited consumption of resources in @fastify/multipart
Impact: The saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. Patches: Fixed in version 8.3.1 and 9.0.3. Workarounds: Do not use saveRequestFiles. References: This was identified in https://github.com/fastify/fastify-multipart/issues/546 and fixed in...
CVE-2024-57941
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the non-cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled e.g. due to a DIO write on that file, future copying to the cache for that file is disabled until al...
BIT-NODE-MIN-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
USN-6994-1: Netty vulnerabilities
It was discovered that Netty did not properly sanitize its input parameters. A remote attacker could possibly use this issue to cause a crash. (CVE-2023-34462) It was discovered that Netty incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause Netty to...
USN-6994-1 netty vulnerabilities
It was discovered that Netty did not properly sanitize its input parameters. A remote attacker could possibly use this issue to cause a crash. (CVE-2023-34462) It was discovered that Netty incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause Netty to...