Browse and filter security vulnerabilities across ecosystems
CVE-2026-44511
katalyst-koi: Session cookies can be replayed after user logout
CVE-2026-44312
CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content
Nokogiri XSLT transform has a memory leak
Nokogiri CSS selector tokenizer has regular expression backtracking
GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens
CVE-2026-42257
net-imap vulnerable to command Injection via "raw" arguments to multiple commands
CVE-2026-42258
net-imap vulnerable to command Injection via unvalidated Symbol inputs
CVE-2026-42256
net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
CVE-2026-42245
net-imap has quadratic complexity when reading response literals
CVE-2026-42246
net-imap vulnerable to STARTTLS stripping via invalid response timing
CVE-2026-42205
Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources
CVE-2026-41316
ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool
CVE-2026-42087
OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database
CVE-2026-42086
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
CVE-2026-42085
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
CVE-2026-42084
OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
CVE-2026-41493
yard: Possible arbitrary path traversal and file access via yard server
CVE-2026-27820
Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
Malicious code in monolith-twirp-pullsd-authorization (RubyGems)