6 matches found
Allocation of Resources Without Limits or Throttling
Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the request.form. An attacker can exhaust system resources and disrupt service availability by submitting a specially crafted...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the SnappyStreamDecompressor class, when decompressing malformed framed-format input. An attacker can cause the application to exhaust system resources by providing malicious stream data as small as 15 bytes PoC using...
📄 glFusion 1.3.0 Blind SQL Injection
A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older...
Linux Distros Unpatched Vulnerability : CVE-2024-42358
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PDFio is a simple C library for reading and writing PDF files. There is a denial of service DOS vulnerability in the TTF parser. Maliciously crafted TTF files c...
CVE-2024-28253
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the remember method of the RemembersQueries trait. An attacker can execute arbitrary code by invoking any function or static method where the callable has no parameters or lacks strict parameter types. PoC...