Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass
CoreWCF: SAML token replay protection is inoperative
CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
CoreWCF: WS-Security signature substitution via document-wide Signature lookup
CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake
Python Liquid: Infinite loop when parsing malformed `{% case %}` tags
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in Mercator's CVE configuration panel (`/admin/config/parameters`). The `testProvider()` method in `ConfigurationCont...
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine (`/admin/queries/execute`) accepts a JSON DSL (`from` / `select` / `filters` / `traverse` / `output`), translates it into an Eloquent query, and return...
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as `/../yard-cache-secret.html`...
gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then invo...
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `run_sql_readonly` tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyw...