23 matches found

Positive Technologies
added yesterday · 8 views

PT-2026-49535

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

8.7 CVSS · 5.4 AI score
Exploits 0 · References 5
OSV
added 2026/03/26 11:34 p.m. · 4 views

CVE-2026-33697 CoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keys

Cocos AI is a confidential computing system for AI. The current implementation of attested TLS (aTLS) in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS...

7.5 CVSS · 5.9 AI score · 0.00062 EPSS
Exploits 0 · References 3
Positive Technologies
added 2026/03/26 12:0 a.m. · 3 views

PT-2026-28509

Name of the Vulnerable Software and Affected Versions: Cocos AI versions 0.4.0 through 0.8.2 Description: Cocos AI, a confidential computing system for AI, has a weakness in its attested TLS (aTLS) implementation. This allows for a relay attack where an attacker may be able to extract the ephemeral T...

7.5 CVSS · 6 AI score · 0.00062 EPSS
Exploits 0 · References 4
CVE
added 2026/03/24 6:55 p.m. · 9 views

CVE-2026-33509

Summary of CVE-2026-33509 / GHSA-r7mc-x6x7-cqxx: The pyLoad project exposes a critical vulnerability where a user with non-admin SETTINGS permission can write arbitrary configuration values via set_config_value(), with only a narrow hard-coded exception for storage_folder. The reconnect.script s...

8.8 CVSS · 5.8 AI score · 0.00529 EPSS
Exploits 1 · References 1 · Affected Software 2
Vulnrichment
added 2026/01/19 8:32 p.m. · 5 views

CVE-2026-1175 birkir prime GraphQL Directive graphql information exposure

A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is...

6.9 CVSS · 5.1 AI score · 0.00417 EPSS
Exploits 1 · References 5
vulnersOsv
added 2025/12/23 11:4 p.m. · 1 views

accessiqlue (=2025.12.21154255), agent-builder (>=0.0.2 <=0.1.7) +347 more potentially affected by CVE-2025-68664 via langchain-core (>=0.4.0.dev0 <=1.2.4)

langchain-core PYPI version =0.4.0.dev0, =0.0.2, =0.1.0, =0.1.0, =0.1.1 - ai-benchmark-analyzer =2025.12.21193050 - ai-claim-essence =2025.12.20202921 - ai-design-insights =2025.12.21145447 - ai-mysql-translator =2025.12.21101721 - ai-reliability-analyzer =2025.12.21171415 - ai-risk-extractor...

9.3 CVSS · 7.4 AI score · 0.1383 EPSS
Exploits 4
Patchstack
added 2025/09/22 7:12 p.m. · 3 views

WordPress Subresource Integrity (SRI) Manager Plugin <= 0.4.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Subresource Integrity (SRI) Manager versions <= 0.4.0...

4.3 CVSS · 6.7 AI score · 0.00243 EPSS
Exploits 0 · Affected Software 1
vulnersOsv
added 2025/09/09 9:19 p.m. · 1 views

2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by CVE-2025-58756 via monai (>=0.4.0 <=1.5.0)

monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: CVE-2025-58756 Source advisory: OSV:GHSA-6VM5-6JV9-RJPJ...

8.8 CVSS · 5.4 AI score · 0.00684 EPSS
Exploits 1
vulnersOsv
added 2025/09/09 12:15 a.m. · 4 views

2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by CVE-2025-58757 via monai (>=0.4.0 <=1.5.1)

monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: CVE-2025-58757 Source advisory: OSV:PYSEC-2025-142...

8.8 CVSS · 5.8 AI score · 0.00602 EPSS
Exploits 1
Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-19802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. (CVE-2018-19802) Note that Nessus relies on the presence of the package as reported by the...

7.5 CVSS · 7.4 AI score · 0.0224 EPSS
Exploits 0 · References 2
NVD
added 2025/08/25 10:15 a.m. · 2 views

CVE-2025-8562

The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can...

6.5 CVSS · 0.00389 EPSS
Exploits 0 · References 5
vulnersOsv
added 2024/02/02 5:15 p.m. · 24 views

2vyper (=0.3.0), ape-dasy (=0.1.0) +30 more potentially affected by CVE-2024-24560 via vyper (>=0.1.0b12 <=0.4.0)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.7 and more Source cves: CVE-2024-24560 Source advisory: OSV:PYSEC-2024-148...

5.3 CVSS · 5.9 AI score · 0.00526 EPSS
Exploits 1
Positive Technologies
added 2024/01/25 12:0 a.m. · 4 views

PT-2024-1822 · Provectus · Kafka-Ui

Name of the Vulnerable Software and Affected Versions: provectus kafka-ui versions 0.4.0 through 0.7.1 Description: The issue is related to incorrect code generation management in the web interface for managing Apache Kafka clusters, kafka-ui. Exploitation of this issue may allow a remote attacke...

10 CVSS · 9.7 AI score · 0.85025 EPSS
Exploits 5 · References 16
Positive Technologies
added 2023/10/30 12:0 a.m. · 2 views

PT-2023-29861 · Unknown +1 · Nats Server +1

Name of the Vulnerable Software and Affected Versions: nkeys versions 0.4.0 through 0.4.5 NATS Server versions 2.10.0 through 2.10.3 Description: NATS.io is a high performance open source pub-sub distributed communication technology. The cryptographic key handling library, nkeys, recently gained...

7.5 CVSS · 7.5 AI score · 0.00374 EPSS
Exploits 0 · References 18
Positive Technologies
added 2023/06/14 12:0 a.m. · 2 views

PT-2023-24953 · Pbjson · Pbjson

Name of the Vulnerable Software and Affected Versions: pbjson versions 0.4.0 and earlier Description: An issue allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. Recommendations: For versions 0.4.0 and earlier, consider...

7.5 CVSS · 7.3 AI score · 0.00732 EPSS
Exploits 1 · References 6
CNNVD
added 2022/09/20 12:0 a.m. · 1 views

js-compute-runtime security vulnerability

js-compute-runtime is a Fastly Compute@Edge JavaScript runtime open-sourced by Fastly. A security vulnerability exists in js-compute-runtime versions 0.4.0 through 0.5.3, which stems from the failure of the Math.random and crypto.getRandomValues methods to use sufficient random values...

7.5 CVSS · 7.2 AI score · 0.00752 EPSS
Exploits 0 · References 3
OSV
added 2022/09/06 12:0 a.m. · 22 views

CVE-2022-36042 Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execu...

7.8 CVSS · 7.7 AI score · 0.00341 EPSS
Exploits 0 · References 6
Positive Technologies
added 2022/07/27 12:0 a.m. · 2 views

PT-2022-22244 · Rizin · Rizin

Name of the Vulnerable Software and Affected Versions: Rizin versions 0.4.0 and below Description: The issue is related to an integer overflow via the function get_long_object. This allows attackers to cause a Denial of Service (DoS) via a crafted binary. Recommendations: For Rizin versions 0.4.0 a...

5.5 CVSS · 5.3 AI score · 0.00357 EPSS
Exploits 1 · References 10
vulnersOsv
added 2022/06/16 11:54 p.m. · 2 views

arrow (>=0.14.0 <=4.4.0), arrow-flight (>=2.0.0 <=4.4.0) +73 more potentially affected by unknown CVE via flatbuffers (>=0.4.0 <=22.12.6)

flatbuffers CARGO version =0.4.0, =0.14.0, =2.0.0, =1.0.0, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.17.0, =0.1.1, =0.1.0, =0.1.0, =0.1.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3JCH-9QGP-4844...

5.8 AI score
Exploits 0
CNNVD
added 2021/03/12 12:0 a.m. · 3 views

XMLDOM security vulnerability

XMLDOM is a JavaScript implementation of the W3C DOM for Node by the individual developers at jindw. A security vulnerability exists in XMLDOM 0.4.0 and earlier versions that stems from not properly preserving system identifiers, FPIs, or namespaces...

4.3 CVSS · 5.7 AI score · 0.01432 EPSS
Exploits 0 · References 10