Security Bulletin: Boundary Workers Vulnerable to Denial of Service During TLS Handshake

Summary Boundary Community Edition and Boundary Enterprise “Boundary” workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client...

HashiCorp Boundary 安全漏洞

HashiCorp Boundary is an open-source solution developed by HashiCorp in the United States. It enables secure, identity-based access for users across different environments to hosts and services. There are security vulnerabilities in versions of HashiCorp Boundary prior to 0.21.3, 0.20.3, and...

PT-2026-36926

Name of the Vulnerable Software and Affected Versions Boundary Community Edition versions prior to 0.21.3 Boundary Community Edition versions prior to 0.20.3 Boundary Community Edition versions prior to 0.19.5 Boundary Enterprise versions prior to 0.21.3 Boundary Enterprise versions prior to 0.20...

EUVD-2026-20964

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by...

Linux Distros Unpatched Vulnerability : CVE-2025-43962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the...

CVE-2024-34795

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through = 0.21.3...

buildx allows a possible credential leakage to telemetry endpoint

Impact Some cache backends allow configuring their credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. If this was done by the user, these secure values could be captured together with OpenTelemetry trace as part of the arguments and flags for the...

WordPress Tainacan Plugin <= 0.21.3 is vulnerable to Cross Site Scripting (XSS)

Software Tainacan Type Plugin Vulnerable versions = 0.21.3 Fixed in 0.21.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34794 Patch priority Medium CVSS severity Medium 7.1 Developer Tainacan Community PSID de6ca39cfb12 Credits LVT-tholv2k Required privilege...

VulnCheck KEV: CVE-2024-34794

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through = 0.21.3...

nuxt-api-party Code Issues Vulnerabilities

nuxt-api-party is an open source module by Johann Schopplich Individual Developer for proxying API requests. A code issue vulnerability exists in nuxt-api-party version 0.21.3 and later, which stems from allowing a user to abuse the retry logic, causing the server to crash due to a stack overflow...

nuxt-api-party Code Issue Vulnerability

nuxt-api-party is an open source module by Johann Schopplich, an individual developer, for proxying API requests. A code issue vulnerability exists in nuxt-api-party version 0.21.3, which stems from lax URL detection, where absolute URLs with leading spaces can bypass this regular expression,...

CVE-2021-32782 Cross-Site Scripting in Nextcloud Circles

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...