10 matches found

OSV
added 2025/10/23 9:31 p.m. · 2 views

GHSA-VP5W-XCFC-73WF Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON

Vault and Vault Enterprise ("Vault") are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...

CVSS 7.5 · AI score 6.8 · EPSS 0.00305
Exploits: 0 · References: 5

Positive Technologies
added 2025/10/23 12:0 a.m. · 3 views

PT-2025-43549

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.16.27; HashiCorp Vault Enterprise versions prior to 1.16.27; HashiCorp Vault versions prior to 1.19.11; HashiCorp Vault Enterprise versions prior to 1.19.11; HashiCorp Vault versions prior to 1.20.5; HashiCorp...

CVSS 7.8 · AI score 9.2 · EPSS 0.00305
Exploits: 0 · References: 25

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-53841

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 9.1 · EPSS 0.00103
Exploits: 0 · References: 4

Github Security Blog
added 2024/04/04 12:33 a.m. · 17 views

Temporal Server Denial of Service

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

CVSS 4.4 · AI score 4.5 · EPSS 0.00069
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2024/04/04 12:33 a.m. · 17 views

GHSA-WMXC-V39R-P9WF Temporal Server Denial of Service

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

CVSS 4.4 · AI score 4.5 · EPSS 0.00069
Exploits: 0 · References: 6

CVE
added 2024/04/03 9:13 p.m. · 63 views

CVE-2024-2689

Summary: CVE-2024-2689 is a Temporal Server DoS affecting versions 1.20.5, 1.21.6 and 1.22.7 where an authenticated user with workflow permissions can submit an invalid UTF-8 string to trigger a crashloop, causing queue lag and eventual resource exhaustion. The logs may reveal the failing workflo...

CVSS 4.4 · AI score 4.5 · EPSS 0.00069
Exploits: 0 · References: 1

Positive Technologies
added 2023/12/03 12:0 a.m. · 4 views

PT-2023-31419 · Forgejo · Forgejo

Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1. Description: The issue allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL. Recommendations: For versions prior to 1.20.5-1, update to...

CVSS 5.3 · AI score 5.2 · EPSS 0.00471
Exploits: 0 · References: 8

Positive Technologies
added 2023/12/03 12:0 a.m. · 2 views

PT-2023-31417 · Forgejo · Forgejo

Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1. Description: The issue allows remote attackers to perform unauthorized actions due to certain endpoints not checking whether an object belongs to a repository for which permissions are being checked. This...

CVSS 9.1 · AI score 9.1 · EPSS 0.00103
Exploits: 0 · References: 8

Vulnrichment
added 2022/11/07 12:0 a.m. · 5 views

CVE-2022-3558 Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files...

AI score 6.8 · EPSS 0.00838
Exploits: 2 · References: 2

Positive Technologies
added 2022/11/07 12:0 a.m. · 3 views

PT-2022-22908 · WordPress · Export/Import Users/Customers

Name of the Vulnerable Software and Affected Versions: Import and export users and customers WordPress plugin versions prior to 1.20.5. Description: The issue concerns the improper escaping of data when exporting it via CSV files. This could potentially lead to security issues, although specific...

CVSS 8 · AI score 7.7 · EPSS 0.00838
Exploits: 2 · References: 7