226 matches found
Journyx - XML External Entities Injection (XXE)
The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...
CVE-2025-0186
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests...
tinyMQTT Resource Management Error Vulnerability
tinyMQTT is a pre-sorted tree traversal algorithm library developed by 0x7C9A. There is a resource management vulnerability in tinyMQTT; this vulnerability stems from improper protocol handling during the parsing of CONNECT packets, which may lead to exhaustion of server resources. The following...
Tenable Security Center
This module collects credentials and setup information from Tenable Security Center. root or TNS user permissions are required. We don't utilize SC's built-in backup functionality as that requires SC to be shut down. The module works in 2 phases: Phase 1: gather all passwords which can be decrypte...
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
EUVD-2026-21162
PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits...
CVE-2026-40116
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...
PGBouncer: Connection Pooling for Managed PostgreSQL Databases
Learn how enabling PGBouncer reduces connection overhead, frees up server resources for query execution and disk caching, and improves performance at scale...
CVE-2025-69198
Pterodactyl panel suffers a race condition in resource locking: before v1.12.0, concurrent requests can bypass per-server resource validation and concurrently create more databases, allocations, or backups than configured, denying resources to other users and potentially exhausting node quotas. T...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server, e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
EUVD-2025-37393
Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service (DoS) condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed HTTP connections can exhaust the server’s...
EUVD-2019-0723
Malware in sbrugna...
EUVD-2018-18093
Malware in sbrugna...
EUVD-2016-10541
Malware in sbrugna...
EUVD-2017-3866
Malware in sbrugna...
EUVD-2021-24632
Malware in sbrugna...
EUVD-2023-1525
Malicious code in bioql PyPI...
EUVD-2025-16148
Malicious code in bioql PyPI...
EUVD-2024-3176
Malicious code in bioql PyPI...
EUVD-2017-15873
Malicious code in bioql PyPI...