GHSA-QRVQ-68C2-7GRW nats-server websockets are vulnerable to pre-auth memory DoS
Impact: The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. The implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which migh...
WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization
Overview: WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains an untrusted data deserialization vulnerability (CWE-502). Hiroshi Sawada of CrowdStrike Holdings, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CVE-2024-49369 Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...