23 matches found
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the /api/server/shutdown endpoint handler. An attacker can repeatedly terminate the server process by sending requests to this endpoint, resulting in continuous server downtime and service disruption. Remediati...
EUVD-2018-15734
Malware in sbrugna...
EUVD-2023-45575
Malicious code in bioql PyPI...
EUVD-2025-10960
Malicious code in bioql PyPI...
EUVD-2025-2488
Malicious code in bioql PyPI...
NetScaler 14.1 - STA server marked down
STA server status is Down on Gateway vserver though it is reachable from the NetScaler...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the /3/ImportFiles endpoint. An attacker can cause the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests by recursively...
PYSEC-2025-96
An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not proper...
CVE-2025-25290
@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...
CVE-2022-24822
Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...
CVE-2024-39693 Next.js Denial of Service (DoS) condition
Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. This vulnerability was resolved in Next.js 13.5 and later...
CVE-2023-41043
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server...
Design/Logic Flaw
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server...
CVE-2023-41043
Discourse DoS CVE-2023-41043 affects the Discourse platform prior to 3.1.1 (stable) and 3.2.0.beta1 (beta/tests-passed). A malicious admin could generate extremely large icons sprites that are cached per server process, potentially triggering DoS downtime on multisite deployments. The issue is fi...
CVE-2023-41043 Discourse DoS via SvgSprite cache
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server...
PT-2023-27756 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 of the stable branch; Discourse versions prior to 3.2.0.beta1 of the beta and tests-passed branches. Description: A malicious admin could create extremely large icons sprites, which would then be cached in each...
PT-2023-25714 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.22.1. Description: A path traversal vulnerability allows an authenticated attacker to delete files on the server, leading to unavailability and potentially data loss. Uptime Kuma allows authenticated users to...
CVE-2023-35925 FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the Infinity keyword (case-sensitive!) and execute any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6...
CVE-2021-41950
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...