4 matches found
NPM: Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection
NPM: Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection vulnerability discovered by ? in WordPress Npm mongoose versions = 9.0.0, = 9.1.5...
@1771technologies/oneplay (>=0.0.1 <=0.0.6), @cedarjs/cli-storybook-vite (>=1.0.0-canary.12742 <=1.0.0-canary.12784) +14 more potentially affected by CVE-2025-68429 via storybook (>=9.0.0-alpha.0 <=9.1.16)
storybook NPM version =9.0.0-alpha.0, =0.0.1, =1.0.0-canary.12742, =0.0.2-alpha.0, =1.0.0, =0.1.80, =9.0.0-alpha.0, =9.0.0, =9.0.0, =9.0.0-alpha.0, =1.2.1, =0.0.75-beta.11, =0.2.7, =0.2.8 and more Source cves: CVE-2025-68429 Source advisory: SNYK:JS-STORYBOOK-14534871...
tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
PT-2020-12466 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 9.0 through 12.9 Description: The issue allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. Recommendations: For GitLab EE/CE versions 9.0 through 12.9, consider...