Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the EncodeGroupId function when processing a malformed group-id-list parameter. An attacker can cause the application to panic and terminate unexpectedly by supplying specially crafted input...

Allocation of Resources Without Limits or Throttling

Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitting objects with...

Allocation of Resources Without Limits or Throttling

Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the encoded array lengths serialization process. An attacker can cause excessive processing time by overriding encoded array lengths with extremel...

Linux Distros Unpatched Vulnerability : CVE-2021-29495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled ...

Security Bulletin: IBM Event Processing is vulnerable to Improper Authentication

Summary IBM Event Processing's backend contains a version of JDBC driver that may allow unwanted connections. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with...

PT-2025-1493 · WordPress · Webtoffee Wordpress Backup & Migration

Name of the Vulnerable Software and Affected Versions: WebToffee WordPress Backup & Migration versions 1.4.1 and earlier Description: The issue is related to a missing authorization vulnerability in WebToffee WordPress Backup & Migration, which allows exploiting incorrectly configured access...

PT-2024-22368 · Corewcf · Corewcf

Name of the Vulnerable Software and Affected Versions: CoreWCF versions prior to 1.4.2 CoreWCF versions prior to 1.5.2 Description: The issue affects NetFraming based CoreWCF services, where extra system resources could be consumed by connections being left established instead of closing or...

PT-2022-24518 · Hashicorp · Nomad Enterprise +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1 Description: The issue affects event stream subscribers using a token with TTL, allowing them to receive updates until token garbage is collected. Recommendations: For versions...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit integer wrapping to 0 when need...

PT-2021-4588 · Libebml +1 · Libebml +1

Name of the Vulnerable Software and Affected Versions: libebml versions prior to 1.4.2 Description: A flaw was found in the implementation of the EbmlString::ReadData and EbmlUnicodeString::ReadData functions in libebml, which can cause a heap overflow error. This issue is related to writing beyo...

GHSA-968F-66R5-5V74 HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)

Impact The patches introduced to fix https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 were not complete and still would allow an attacker to smuggle requests/split a HTTP request with invalid data. This updates the existing CVE with ID: CVE-2019-16789 Patches Waitress...