15 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the DeleteManifest process. An attacker can remove tags from repositories by sending a DELETE request to the relevant API endpoint, even when deletion has been explicitly disabled in the configuration. Th...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the DeleteManifest process. An attacker can remove tags from repositories by sending a DELETE request to the relevant API endpoint, even when deletion has been explicitly disabled in the configuration. Th...
CVE-2026-6321
fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize and equal functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications...
CVE-2026-33250
Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...
CVE-2026-33250
Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...
CVE-2026-33250 Crash when receiving specially-crafted packets
Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...
SUSE CVE-2026-33250
Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...
SUSE CVE-2026-26014
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...
Function Call With Incorrect Order of Arguments
Overview Affected versions of this package are vulnerable to Function Call With Incorrect Order of Arguments due to the incorrect handling of the SECRETKEYFALLBACKS configuration. An attacker can exploit this to sign sessions with stale keys, potentially impeding the transition to fresher keys...
HTTP Request Smuggling
Overview io.ktor:ktor-client-cio is a framework for quickly creating web applications in Kotlin with minimal effort. Affected versions of this package are vulnerable to HTTP Request Smuggling due to a race condition between multiple coroutines using the same thread. Remediation Upgrade...
PT-2023-29429 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 stable and 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. The issue allows new chat messages to be read by making an unauthenticated POST request to MessageBus. There...
PT-2023-29222 · Nginx +1 · Nginx +1
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 stable and 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running o...
PT-2023-29226 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 Discourse versions prior to 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when hide user profiles from public i...
PT-2023-10208 · Kelvinmo · Simplexrd
Name of the Vulnerable Software and Affected Versions: kelvinmo simplexrd versions up to 3.1.0 Description: A vulnerability was found in the file simplexrd/simplexrd.class.php, which leads to xml external entity reference. This issue affects unknown code and can be addressed by upgrading to versi...
PT-2022-11692 · Unknown · Starcounter-Jack Json-Patch
Name of the Vulnerable Software and Affected Versions: Starcounter-Jack JSON-Patch versions up to 3.1.0 Description: A vulnerability has been found in Starcounter-Jack JSON-Patch, classified as problematic. This issue affects unknown code and leads to improperly controlled modification of object...