Lucene search

15 matches found

ATTACKERKB
added 2026/03/20 2:38 a.m., 2 views

CVE-2026-32933

AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...

7.5 CVSS, 5.8 AI score, 0.00027 EPSS
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2026/03/20 2:38 a.m., 19 views

CVE-2026-32933 AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...

7.5 CVSS, 0.00027 EPSS
Exploits: 1, References: 4
OSV
added 2026/03/20 2:38 a.m., 0 views

CVE-2026-32933 AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...

7.5 CVSS, 5.9 AI score, 0.00027 EPSS
Exploits: 1, References: 6
Snyk
added 2026/03/13 8:57 p.m., 2 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion in the core mapping engine when handling deeply nested object graphs. An attacker can cause the application to crash. Remediation: Upgrade AutoMapper to version 15.1.3, 16.1.1 or higher. References: GitHub Advisor...

8.7 CVSS, 5.8 AI score, 0.00027 EPSS
Exploits: 1, References: 2
OSSF Malicious Packages
added 2024/01/14 6:59 p.m., 2 views

Malicious code in wdpr-node-http-error-handler (npm)

Source: ossf-package-analysis (4afec8bd883f6042f7047f6b0d29cd37d57ef2e6f179a717a0ee7bbf44a16fe8). The OpenSSF Package Analysis project identified 'wdpr-node-http-error-handler' @ 16.1.1 (npm) as malicious. It is considered malicious because: -...

6.9 AI score
Exploits: 0
NVD
added 2023/07/13 3:15 a.m., 18 views

CVE-2023-2620

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

5.5 CVSS, 0.00368 EPSS
Exploits: 0, References: 2
OSV
added 2023/07/13 3:15 a.m., 0 views

UBUNTU-CVE-2023-3424

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the...

7.5 CVSS, 5.7 AI score, 0.00585 EPSS
Exploits: 0, References: 4
Prion
added 2023/07/13 3:15 a.m., 19 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch...

4 CVSS, 4.3 AI score, 0.00153 EPSS
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2023/07/13 2:0 a.m., 14 views

CVE-2023-2190 Authorization Bypass Through User-Controlled Key in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the...

6.5 CVSS, 6.3 AI score, 0.00135 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2023/06/29 12:0 a.m., 25 views

GitLab 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-3362)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project w...

5.3 CVSS, 5.7 AI score, 0.00597 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2022/08/03 2:0 p.m., 1 views

CVE-2022-31473

In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker...

7.7 CVSS, 5.1 AI score, 0.00985 EPSS
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2022/01/19 12:0 a.m., 19 views

F5 Networks BIG-IP : BIG-IP SIP ALG vulnerability (K44110411)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.4 / 15.1.4 / 16.1.1. It is, therefore, affected by a vulnerability as referenced in the K44110411 advisory. - On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all...

7.5 CVSS, 7.5 AI score, 0.00753 EPSS
Exploits: 0, References: 2
CNNVD
added 2021/04/21 12:0 a.m., 1 views

Corel Parallels Desktop Path Traversal Vulnerability

Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in the Toolgate component in Parallels Desktop version 16.1.1-49141. The vulnerability stems from failure to properly validate a user-supplied path before using it in a file operation. An...

6 CVSS, 5.8 AI score, 0.00134 EPSS
Exploits: 0, References: 5
CNVD
added 2018/03/29 12:0 a.m., 1 views

Cisco IOS XE Software Elevation of Privilege Vulnerability (CNVD-2018-07305)

Cisco IOS XE Software is an operating system developed by Cisco for its network devices. An elevation of privilege vulnerability exists in the Web UI in Cisco IOS XE Software version 16.1.1, which originates from the program failing to reset the privilege level of each Web UI session. A remote...

9 CVSS, 7.4 AI score, 0.02027 EPSS
Exploits: 0, References: 1
CNVD
added 2016/12/14 12:0 a.m., 1 views

EasyPHP Devserver Insecure File Permissions Vulnerability

EasyPHP Devserver is a server developed by NodeJS, its goal is to assist in debugging some front-end effects that require server support. An insecure file permission vulnerability exists in EasyPHP Devserver version 16.1.1, which can be exploited by a local attacker to gain access to globally...

6.8 AI score
Exploits: 0, References: 1