Allocation of Resources Without Limits or Throttling

Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Allocation of Resources Without...

Allocation of Resources Without Limits or Throttling

Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...

Allocation of Resources Without Limits or Throttling

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the checkBytesLimits,...

NATS is vulnerable to pre-auth DoS through WebSockets client service

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server offers a WebSockets client service, used in deployments where browsers are the NATS clients. Problem Description A malicious...

CVE-2026-33332

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

CVE-2026-33508

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...

Exploit for CVE-2026-26833

CVE-2026-26833: OS command injection in thumbler Summary...

Allocation of Resources Without Limits or Throttling

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the File Manager’s bulk download functionality due to improper memory management when creating zip archives. An attacker can cau...

Malicious Package

Overview sbx-mask is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview characterai-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview yelp-react-component-badge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview yelp-mobile-site-common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious Package

Overview f0-service-address-doctor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVE-2026-33308

A flaw was found in modgnutls, a TLS module for Apache HTTPD. Prior to version 0.13.0, the module's client certificate verification process did not properly validate the key purpose specified in the Extended Key Usage EKU extension. This oversight could allow a remote attacker, possessing a valid...

Malicious Package

Overview corehome is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder

A memory exhaustion vulnerability has been identified in ImageMagick when processing specially crafted SVG image files. In vulnerable versions, a maliciously crafted SVG element may trigger an excessively large internal memory allocation on the order of hundreds of gigabytes, causing the...

CLSA-2026-1774344754 vim: Fix of 2 CVEs

CVE-2026-28417: fix OS command injection in netrw plugin via crafted scp:// URIs by adding strict RFC1123 hostname validation and using shellescape for hostname and port values. - CVE-2026-28421: fix heap-buffer-overflow and SEGV in swap file recovery by adding bounds checks on pepagecount,...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181

Summary IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-47914 DESCRIPTION: SSH Agent...

CVE-2026-33308

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...

CVE-2026-33308

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...