@angular/platform-server: SSRF via Hostname Hijacking
Caddy Defender trusted proxy client IP bypass
Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) โ Mini Shai-Hulud worm
In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the team-scoping logic could resolve a `conn_id` containing a `/` (e.g. `"my_team/conn"`) to the same path as another team's team-scoped secret when the caller had...
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by crafting...
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout a...
JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Ai...
FileBrowser Quantum: unauthenticated user share share info
SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser
SQLFluff: Recursive Stack Overflow in Parser
SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl
Dasel: Denial of service in dasel selector lexer due to infinite loop on unterminated regex literal
Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string
@libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes
Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path
PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint โ RCE
FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service
Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service