Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create.
AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allo...
An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when ...
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid outp...
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with...
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects ...
Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images point...
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-S...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.
