759 matches found
OpenMetaData - SpEL Injection in PUT /api/v1/policies
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...
CVE-2026-54283 Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS
Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts maxfields and maxpartsize to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...
CVE-2026-54283
Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts maxfields and maxpartsize to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...
CVE-2025-69175
Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...
CVE-2026-39580
The CVE-2026-39580 entry covers an Unauthenticated PHP Object Injection in the WordPress theme Micdrop versions up to 1.3.1 . The affected component is the Micdrop WordPress theme; the root cause is a PHP Object Injection vulnerability in versions
PT-2026-50108
Unauthenticated PHP Object Injection in Micdrop = 1.3.1 versions...
Allocation of Resources Without Limits or Throttling
Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the request.form. An attacker can exhaust system resources and disrupt service availability by submitting a specially crafted...
NPM: protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names
NPM: protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.3.1...
CVE-2026-46558
Plane is an open-source project management tool. The CVE-2026-46558 issue exists in versions prior to 1.3.1 and is a cross-workspace asset authorization bypass that allowed any authenticated user to read, copy, delete, and overwrite assets in other Plane workspaces. This indicates a loss of acces...
EUVD-2026-36066
Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...
CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces
Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...
CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces
Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...
PT-2026-48461
šØ CVE-2026-46558 Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1. š@cveNotify...
š Quick Playground for WordPress 1.3.1 Shell Upload
Proof of concept remote shell upload exploit for Quick Playground for WordPress plugin versions 1.3.1 and below. ================================================================================================================================== | Title : Quick Playground for WordPress 1.3.1 ā...
CVE-2026-40102
Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...
CVE-2026-39555
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...
[SECURITY] Fedora 44 Update: rust-sequoia-sq-1.3.1-12.fc44
Command-line frontends for Sequoia...
CVE-2026-38570
bacnetstack 1.3.1 contains an Out-of-bounds Read in bacnettagnumberdecode which allows attackers to cause a denial of service...
EUVD-2026-34310
bacnetstack 1.3.1 contains an Out-of-bounds Read in bacnettagnumberdecode which allows attackers to cause a denial of service...
BACnet Stack å®å Øę¼ę“
BACnet Stack is an open-source protocol stack for BACnet, suitable for embedded systems, Linux, MacOS, BSD, and Windows. Version 1.3.1 of BACnet Stack contains a security vulnerability; this vulnerability stems from an out-of-bound read operation in bacnettagnumberdecode, which may lead to...