CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint
Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.open_conn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.to_atom(uri.scheme) with no...
Malicious code in wm-idp-sdk (npm)
Source: amazon-inspector d2acf2a0d94ec1d2bada80f3251f5ecbea64d78ffadcab2b997b9708c2ae71cd package.json declares "node-fetch": "https://registry.ctzbg.com/wm-idp-sdk/node-fetch" — a direct HTTPS tarball URL hosted on a domain...
Astra Linux - vulnerability in nodejs
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability arises from the fact that the fetch function in Node.js always decodes Brotli, enablin...
CVE-2026-4799
In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL...
CVE-2025-2418
The CVE-2025-2418 entry concerns TR7 Cyber Defense Inc. Web Application Firewall and describes an Open Redirect vulnerability (URL redirection to untrusted site) that can enable phishing. Affected versions are Web Application Firewall 4.30 through 16022026. The reported impact is limited to URL r...
CVE-2025-64250 WordPress Directorist plugin <= 8.6.6 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wpWax Directorist directorist allows Phishing. This issue affects Directorist: from n/a through <= 8.6.6...
EUVD-2025-198479
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing. This issue affects WP YouTube Lyte: from n/a through <= 1.7.28...
CVE-2025-62981 WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.8 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Phishing. This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.8...
CVE-2025-60151 WordPress WP Gravity Forms HubSpot Plugin <= 1.2.5 - Open Redirection Vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing. This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.5...
EUVD-2022-2598
Malicious code in bioql (PyPI)...
EUVD-2024-19631
Malicious code in bioql (PyPI)...
EUVD-2024-34614
Malicious code in bioql (PyPI)...
BIT-NODE-MIN-2024-22025
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch function in Node.js always decodes Brotli, making i...
URL Redirection
org.glassfish.main.web:web-core is vulnerable to a URL Redirection. The vulnerability is due to untrusted URL redirection capabilities in the Apache code included in GlassFish, affecting applications deployed to the root context '/'. It allows an attacker to redirect users to untrusted or malicio...
URL Redirection to Untrusted Site ('Open Redirect')
Overview: IdentityServer4 is an OpenID Connect and OAuth 2.0 Framework for ASP.NET Core. Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') through the commonly used GetAuthorizationContextAsync and IsValidReturnUrl methods which return non-null...
RHEL 9 : nodejs (RHSA-2024:4721)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4721 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.
...
BIT-NODE-2024-22025
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch function in Node.js always decodes Brotli, making i...