
27 matches found

Snyk
added 2026/03/04 10:9 p.m. · 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the /api/server/shutdown endpoint handler. An attacker can repeatedly terminate the server process by sending requests to this endpoint, resulting in continuous server downtime and service disruption. Remediati...

8.7 CVSS · 7.2 AI score · 0.00021 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-15734

Malware in sbrugna...

7.5 CVSS · 7.7 AI score · 0.03357 EPSS
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-10960

Malicious code in bioql PyPI...

7.5 CVSS · 6.6 AI score · 0.00038 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-2488

Malicious code in bioql PyPI...

4.9 CVSS · 5.4 AI score · 0.00099 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-45575

Malicious code in bioql PyPI...

6.5 CVSS · 6.5 AI score · 0.00086 EPSS
Exploits 0 · References 1

Citrix
added 2025/05/31 12:0 a.m. · 9 views

NetScaler 14.1 - STA server marked down

STA server status is Down on Gateway vserver though it is reachable from the NetScaler...

7.1 AI score
Exploits 0

RedhatCVE
added 2025/05/23 4:15 a.m. · 4 views

CVE-2023-41043

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server...

6.5 CVSS · 6.6 AI score · 0.00086 EPSS
Exploits 0

RedHat Linux
added 2025/05/13 8:44 a.m. · 4 views

containers/aardvark-dns: TCP Query Handling Flaw in Aardvark-dns Leading to Denial of Service

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...

7.5 CVSS · 5.8 AI score · 0.00102 EPSS
Exploits 1 · References 6

Snyk
added 2025/03/20 12:32 p.m. · 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the /3/ImportFiles endpoint. An attacker can cause the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests by recursively...

8.7 CVSS · 7.1 AI score · 0.00509 EPSS
Exploits 1 · References 2

PyPA
added 2025/03/20 10:15 a.m. · 10 views

PYSEC-2025-96

An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not proper...

6.5 CVSS · 6.6 AI score · 0.0026 EPSS
Exploits 1 · References 1 · Affected Software 1

ATTACKERKB
added 2025/02/14 8:15 p.m. · 2 views

CVE-2025-25290

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...

5.3 CVSS · 5.5 AI score · 0.00081 EPSS
Exploits 0 · References 7 · Affected Software 1

RedhatCVE
added 2025/02/05 9:36 p.m. · 5 views

CVE-2022-24822

Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...

7.5 CVSS · 6.6 AI score · 0.00834 EPSS
Exploits 0 · References 1

OSV
added 2024/07/10 7:54 p.m. · 9 views

CVE-2024-39693 Next.js Denial of Service (DoS) condition

Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. This vulnerability was resolved in Next.js 13.5 and later...

7.5 CVSS · 6.6 AI score · 0.00514 EPSS
Exploits 0 · References 3

NVD
added 2023/09/15 8:15 p.m. · 14 views

CVE-2023-41043

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server...

6.5 CVSS · 6.3 AI score · 0.00086 EPSS
Exploits 0 · References 1

Prion
added 2023/09/15 8:15 p.m. · 16 views

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server...

4 CVSS · 6.3 AI score · 0.00086 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/09/15 7:27 p.m. · 48 views

CVE-2023-41043

Discourse DoS CVE-2023-41043 affects the Discourse platform prior to 3.1.1 (stable) and 3.2.0.beta1 (beta/tests-passed). A malicious admin could generate extremely large icons sprites that are cached per server process, potentially triggering DoS downtime on multisite deployments. The issue is fi...

6.5 CVSS · 6.2 AI score · 0.00086 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/09/15 7:27 p.m. · 12 views

CVE-2023-41043 Discourse DoS via SvgSprite cache

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server...

6.5 CVSS · 6.6 AI score · 0.00086 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/09/15 12:0 a.m. · 3 views

PT-2023-27756 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 of the stable branch; Discourse versions prior to 3.2.0.beta1 of the beta and tests-passed branches. Description: A malicious admin could create extremely large icons sprites, which would then be cached in each...

6.5 CVSS · 6.3 AI score · 0.00086 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/07/05 12:0 a.m. · 4 views

PT-2023-25714 · Unknown · Uptime Kuma

Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.22.1. Description: A path traversal vulnerability allows an authenticated attacker to delete files on the server, leading to unavailability and potentially data loss. Uptime Kuma allows authenticated users to...

8.1 CVSS · 7 AI score · 0.00468 EPSS
Exploits 1 · References 10

OSV
added 2023/06/23 3:7 p.m. · 12 views

CVE-2023-35925 FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption

FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the Infinity keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6...

6.2 CVSS · 5.5 AI score · 0.00287 EPSS
Exploits 0 · References 5