3 matches found
CVE-2026-11963
The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...
EUVD-2025-0007
Malicious code in bioql PyPI...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient bounds checking on the authorization header. An attacker can cause excessive memory allocation by sending specially crafted requests, potentially leading to servic...