SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser
SQLFluff: Recursive Stack Overflow in Parser
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it direc...
Dasel: Denial of service in dasel selector lexer due to infinite loop on unterminated regex literal
Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string
@libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes
Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path
PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint → RCE
FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service
Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service
Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint
HAX CMS: Denial of Service using Malicious Import Request
OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle
rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Kopia: RCE via SSH ProxyCommand Injection
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges. This issue affects Automic Au...
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for auth...