AZL-77601 CVE-2026-2391 affecting package js-jquery 3.5.0-4

Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...

CVE-2022-34192

Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...

security flaw

The parsestr function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the registerglobals directive via inputs that cause a request to be terminated due to the memorylimit setting, which causes PHP to set an internal flag that...