
22 matches found

RedhatCVE
added 2026/01/09 8:34 a.m., 10 views

CVE-2024-41659

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

CVSS 8.1 | AI score 6.4 | EPSS 0.00192
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-21053

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.3 | EPSS 0.00143
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-34995

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00276
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/12 12:0 a.m., 3 views

Fedora 43 : aerc (2025-edd8754757)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-edd8754757 advisory. Automatic update for aerc-0.20.1-3.fc43. Changelog Thu Jun 5 2025 Robin Jarry - 0.20.1-3 - Fix CVE-2025-49466 fedora2370376 Wed Apr 16 2025 Michael J Gruber ...

CVSS 5.8 | AI score 5.5 | EPSS 0.01118
Exploits: 0 | References: 2

SUSE CVE
added 2025/07/14 11:21 p.m., 1 view

SUSE CVE-2025-53628

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related...

CVSS 8.6 | AI score 6.8 | EPSS 0.00143
Exploits: 1 | References: 4

NVD
added 2025/07/10 8:15 p.m., 2 views

CVE-2025-53628

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related...

CVSS 8.8 | EPSS 0.00143
Exploits: 1 | References: 3

OSV
added 2025/07/10 8:15 p.m., 0 views

UBUNTU-CVE-2025-53628

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related...

CVSS 8.8 | AI score 5.6 | EPSS 0.00143
Exploits: 1 | References: 5

OSV
added 2025/07/10 7:45 p.m., 3 views

CVE-2025-53628 cpp-httplib does not limit the length of a line

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related...

CVSS 6.3 | AI score 6.4 | EPSS 0.00143
Exploits: 1 | References: 5

OSV
added 2025/06/06 2:4 p.m., 2 views

OESA-2025-1613 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

CVSS 7.5 | AI score 6.9 | EPSS 0.01011
Exploits: 1 | References: 2

OSV
added 2025/06/06 2:4 p.m., 2 views

OESA-2025-1612 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

CVSS 7.5 | AI score 6.9 | EPSS 0.01011
Exploits: 1 | References: 2

OSV
added 2025/06/06 2:4 p.m., 2 views

OESA-2025-1611 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

CVSS 7.5 | AI score 6.9 | EPSS 0.01011
Exploits: 1 | References: 2

OSV
added 2025/06/06 2:4 p.m., 2 views

OESA-2025-1610 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

CVSS 7.5 | AI score 6.9 | EPSS 0.01011
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 8:42 a.m., 2 views

CVE-2024-34699

GZ::CTF is a capture the flag platform. Prior to 0.20.1, unprivileged user can perform cross-site scripting attacks on other users by constructing malicious team names. This problem has been fixed in v0.20.1...

CVSS 6.5 | AI score 6.2 | EPSS 0.00276
Exploits: 0 | References: 1

SUSE CVE
added 2025/05/08 11:39 a.m., 2 views

SUSE CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

CVSS 7.5 | AI score 7.1 | EPSS 0.01011
Exploits: 1 | References: 3

CVE
added 2024/05/13 7:1 p.m., 41 views

CVE-2024-34699

GZ::CTF (prior to v0.20.1) is vulnerable to cross-site scripting by unprivileged users attempting to craft team names; fixed in v0.20.1. The CVE-2024-34699 entry shows CVSS 3.1 base score 6.5 (Medium) with Adjacent access, no privileges, user interaction none, and high availability impact. Remedi...

CVSS 6.5 | AI score 6 | EPSS 0.00276
Exploits: 0 | References: 2

Positive Technologies
added 2024/05/13 12:0 a.m., 2 views

PT-2024-26116 · Gz::Ctf · Gz::Ctf

Name of the Vulnerable Software and Affected Versions: GZ::CTF versions prior to 0.20.1 Description: The issue allows an unprivileged user to perform cross-site scripting attacks on other users by constructing malicious team names. Recommendations: For versions prior to 0.20.1, update to version...

CVSS 6.5 | AI score 6.6 | EPSS 0.00276
Exploits: 0 | References: 4

Prion
added 2024/03/12 6:15 p.m., 12 views

Design/Logic Flaw

Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers IDs; see RFC 9000 Section 5.1...

CVSS 2.6 | AI score 7.3 | EPSS 0.00474
Exploits: 0 | References: 1

Positive Technologies
added 2024/03/12 12:0 a.m., 4 views

PT-2024-18020 · Quiche · Quiche

Name of the Vulnerable Software and Affected Versions: Quiche versions prior to 0.19.2 Quiche versions prior to 0.20.1 Description: The issue is related to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connectio...

CVSS 5.3 | AI score 6.7 | EPSS 0.00474
Exploits: 0 | References: 15

Positive Technologies
added 2023/09/20 12:0 a.m., 2 views

PT-2023-28913 · Unknown · Tungstenite

Name of the Vulnerable Software and Affected Versions: Tungstenite crate versions prior to 0.20.1 Description: The issue allows remote attackers to cause a denial of service, resulting in minutes of CPU consumption, via an excessive length of an HTTP header in a client handshake. The length affec...

CVSS 7.5 | AI score 7.4 | EPSS 0.04501
Exploits: 1 | References: 40

CNVD
added 2021/06/03 12:0 a.m., 7 views

LibRaw stack buffer overflow vulnerability (CNVD-2021-43527)

LibRaw is a library for reading RAW files acquired from digital cameras. A stack buffer overflow vulnerability exists in LibRaw::identifyprocessdngfields in identify.cpp in versions of LibRaw prior to 0.20.1. No detailed vulnerability details are provided at this time...

CVSS 8.8 | AI score 7 | EPSS 0.00581
Exploits: 0 | References: 1