DEBIAN-CVE-2026-33750
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value, e.g., 1..2..0, causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
UBUNTU-CVE-2026-33750
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value, e.g., 1..2..0, causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
CVE-2026-33750
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value, e.g., 1..2..0, causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value, e.g., 1..2..0, causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
PT-2026-28527
Name of the Vulnerable Software and Affected Versions: brace-expansion versions prior to 5.0.5; brace-expansion versions prior to 3.0.2; brace-expansion versions prior to 2.0.3; brace-expansion versions prior to 1.1.13 Description: The brace-expansion library is susceptible to a denial-of-service...
CVE-2026-29791 Agentgateway: Missing parameter sanitization in MCP to OpenAPI conversion
Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in...
PT-2026-20849
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in...
PT-2026-7003
Name of the Vulnerable Software and Affected Versions: code-projects Online Student Management System version 1.0 Description: A flaw exists in the Login component of the Online Student Management System. Specifically, a SQL injection issue is present in the accounts.php file due to manipulation of...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage and html methods when processing BMP image data with unvalidated dimensions. An attacker can cause excessive memory allocation and application unavailability by...
Exploit for Prototype Pollution in Typeorm
CVE-2020-8158: TypeORM Prototype Pollution Vulnerability O...
EUVD-2023-31750
Malicious code in bioql PyPI...
PT-2025-34231 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: FoxCMS version 1.2.6 Description: A Reflected Cross Site Scripting XSS vulnerability exists in the /index.php endpoint of the software. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response,...
PT-2025-31034 · Code Projects · Exam Form Submission
Name of the Vulnerable Software and Affected Versions: code-projects Exam Form Submission version 1.0 Description: A critical issue exists in code-projects Exam Form Submission 1.0 related to SQL injection. The manipulation of the credits argument in the processing of the file /admin/update s3.ph...
CVE-2022-24722
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the viewcomponent gem. Data received via user input and passed as an...
Cross-site Scripting (XSS)
Overview phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the constructor of the Downloader class. An attacker can execute arbitrary JavaScript code in t...
PT-2024-34858 · Saragna · Saragna
Name of the Vulnerable Software and Affected Versions: Saragna versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks. Recommendations: For Saragna...
PT-2024-33095 · Unknown · Aiml Chatbot
Name of the Vulnerable Software and Affected Versions: AIML Chatbot versions prior to 2.0 Description: The issue is related to Cross Site Scripting XSS, where attackers can inject malicious HTML or JavaScript code through the message input field. The chatbot fails to sanitize these inputs, leadin...
PT-2024-24434 · Unknown · Podlove Podcast Publisher
Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher versions through 4.0.12 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows for potential exploitation ...
PT-2023-30507 · Unknown · Mahlamusa Who Hit The Page – Hit Counter
Name of the Vulnerable Software and Affected Versions: Mahlamusa Who Hit The Page – Hit Counter versions 1.4.14.3 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injectio...
K000130469: node.js systeminformation vulnerability CVE-2021-21315
Security Advisory Description The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Proble...