Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms
Open Redirect Bypass in miniflux-v2
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported ngi...
Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering
Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read
dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens
go.qbee.io/transport: Symlink-chain path traversal in tar extraction (one level outside destination)
TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover
Craft Commerce: Coupon Code Brute-Force via Rate Limit Bypass
Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs
@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration โ unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized class passed to template
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized service name in exception text
flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key
@cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized --workspace Argument
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or ujson.encode()) have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into diffe...
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can...
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are use...
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReference#update, which retries until compare_and_set(old_value,...
Oj: Integer Overflow in Oj.load 2GB String Handling