Lucene search
K

6 matches found

Snyk
Snyk
added 2026/06/15 8:39 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the request.form. An attacker can exhaust system resources and disrupt service availability by submitting a specially crafted...

8.7CVSS5.9AI score0.00275EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 8:53 p.m.9 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the SnappyStreamDecompressor class, when decompressing malformed framed-format input. An attacker can cause the application to exhaust system resources by providing malicious stream data as small as 15 bytes PoC using...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.333 views

📄 glFusion 1.3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older...

6.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-42358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PDFio is a simple C library for reading and writing PDF files. There is a denial of service DOS vulnerability in the TTF parser. Maliciously crafted TTF files c...

6.2CVSS6.1AI score0.00321EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 12:59 a.m.10 views

CVE-2024-28253

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS9.6AI score0.12527EPSS
Exploits0References1
Snyk
Snyk
added 2024/12/13 8:35 p.m.8 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the remember method of the RemembersQueries trait. An attacker can execute arbitrary code by invoking any function or static method where the callable has no parameters or lacks strict parameter types. PoC...

8.8CVSS7.9AI score0.28571EPSS
Exploits3References2
Rows per page
Query Builder