CVE-2026-48862

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...

PT-2026-42180

Name of the Vulnerable Software and Affected Versions phenixdigital phoenix storybook versions 0.2.0 through 1.0.x Description An unauthenticated denial-of-service can occur via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms usi...

CVE-2026-42545

Granian is a Rust HTTP server for Python applications. Vulnerable from 0.2.0 up to 2.7.4, where the WSGI response conversion path uses .unwrap() on header name and value constructors; malformed headers trigger a worker process abort instead of handling the error. This results in a Denial of Servi...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/navaids (>=0.2.4 <=0.4.1)

@squawk/navaids NPM version =0.2.4, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKNAVAIDS-16640884...

CVE-2025-13158 apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

PT-2025-46957

Name of the Vulnerable Software and Affected Versions ury-erp ury versions up to 0.2.0 Description A weakness exists in ury-erp ury that allows for SQL injection. This issue is related to the manipulation of the search term argument within the overrided past order list function located in the fil...

CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...

a2 (>=0.10.7 <=0.10.13), aad2onnx (=0.1.4) +1442 more potentially affected by CVE-2025-51480 via onnx (>=0.2.0 <=1.9.0)

onnx PYPI version =0.2.0, =0.10.7, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.4.4, =0.1.0, =0.0.0, =0.1.0, =0.3.0 and more Source cves: CVE-2025-51480 Source advisory: SNYK:PYTHON-ONNX-10877916...

WordPress Pocket News Generator plugin <= 0.2.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Benedictus Jovan in WordPress Plugin Pocket News Generator versions = 0.2.0...

PT-2023-24442 · Unknown · Aicustomfee +1

Name of the Vulnerable Software and Affected Versions: PrestaShop module "Customization fields fee for your store" aicustomfee versions up to 0.2.0 Description: An issue in the "Customization fields fee for your store" module allows an attacker to perform SQL injection. The estimated number of...

angular-ui-notification 跨站脚本漏洞

angular-ui-notification is a library by Alexey Avramchik personal developer. Used to provide simple notifications, animated using Bootstrap 3 styles and css transformations. A security vulnerability exists in Angular angular-ui-notification version v0.1.0, v0.2.0, v0.3.6, which stems from a...

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +540 more potentially affected by CVE-2023-26122 via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26122 Source advisory: OSV:GHSA-79XF-67R4-Q2JJ...

CVE-2023-28851 Silverstripe Form Capture vulnerable to Stored Cross-Site Scripting

Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...

CVE-2023-28851 Silverstripe Form Capture vulnerable to Stored Cross-Site Scripting

Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +540 more potentially affected by CVE-2023-26121 via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26121 Source advisory: SNYK:JS-SAFEEVAL-3373062...

@deansel/latte (>=0.1.2-beta.1 <=0.1.2-beta.7), @ibuk/epubjs-rn (>=0.2.40 <=0.2.43) +49 more potentially affected by CVE-2021-3820 via i (>=0.2.0 <=0.3.6)

i NPM version =0.2.0, =0.1.2-beta.1, =0.2.40, =0.2.38, =0.3.25, =0.2.33, =4.0.0-beta.6, =0.2.5, =0.6.0, =0.1.5, =0.0.2, =0.2.37, =0.0.1, =0.0.3 and more Source cves: CVE-2021-3820 Source advisory: OSV:GHSA-X55W-VJJP-222R...

czkawka_gui_orbtk (>=1.0.1 <=1.5.1), orbtk (>=0.3.0 <=0.3.1-alpha-1) +4 more potentially affected by CVE-2020-36459 via dces (>=0.2.0 <=0.3.1)

dces CARGO version =0.2.0, =1.0.1, =0.3.0, =0.3.0-alpha1, =0.3.0-alpha1, =0.3.0-alpha1, =0.3.1-alpha4 Source cves: CVE-2020-36459 Source advisory: OSV:RUSTSEC-2020-0139...

CloudBees Jenkins Yaml Axis Plugin Code Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Yaml Axis Plugin is used in one of the axis creation and...

00ld8nuivn (=2.1.0), 00rqiw31nd (=2.1.0) +29089 more potentially affected by unknown CVE via tunnel-agent (>=0.2.0 <=0.5.0)

tunnel-agent NPM version =0.2.0, =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on tunnel-agent and may be impacted: - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o...