GHSA-287x-9rff-qvcg: Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header

GHSA-3qhf-m339-9g5v: MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS

GHSA-j975-95f5-7wqh: MCP Python SDK has Unhandled Exception in Streamable HTTP Transport ,Leading to Denial of Service

GHSA-794x-8x6x-qpfc: Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

GHSA-j4rj-fgcq-wmqp: Cockpit - Content Platform vulnerable to XSS through name or email argument names

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.

**Economizzer user enumeration vulnerability**

Moderate severity GitHub Reviewed Published Sep 28, 2023 to the GitHub Advisory Database • Updated Sep 28, 2023

Headline

GHSA-h3qf-v68r-35jg: Economizzer user enumeration vulnerability

ghsa: Latest News