Threat Intelligence

Live CVE feed

299 threats tracked across 7 launch stacks — sourced from NVD, GHSA, CISA KEV, OSV, npm Audit, and EPSS.

91threats · Critical + High· page 4/5
Get guardrails →

Multer Vulnerable to Denial of Service via Uncontrolled Recursion

Impact A vulnerability in Multer versions < 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Patches Users should upgrade to 2.1.1 Workarounds None Resources https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2 https://www.cve.org/CVERecord?id=CVE-2026-3520 https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752 https://cna.openjsf.or

Multer vulnerable to Denial of Service via incomplete cleanup

Impact A vulnerability in Multer versions < 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Patches Users should upgrade to 2.1.0 Workarounds None

Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type

Summary SQL injection via unescaped cast type in JSON/JSONB where clause processing. The _traverseJSON() function splits JSON path keys on :: to extract a cast type, which is interpolated raw into CAST(... AS <type>) SQL. An attacker who controls JSON object keys can inject arbitrary SQL and exfiltrate data from any table. Affected: v6.x through 6.37.7. v7 (@sequelize/core) is not affected. Details In src/dialects/abstract/query-generator.js, _traverseJSON() extracts a

OWASP A03OWASP Web
Get guardrail →

Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig

Denial of Service via proto Key in mergeConfig Summary The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. Details The vulnerability exists in lib/core/mergeConfig.js at lines 98-101: ```javascript utils.forEach(Object.keys({ ...config1, ...config2 }

OWASP A03OWASP Web
Get guardrail →

Multer vulnerable to Denial of Service via resource exhaustion

Impact A vulnerability in Multer versions < 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Patches Users should upgrade to 2.1.0 Workarounds None

Multer vulnerable to Denial of Service via unhandled exception from malformed request

Impact A vulnerability in Multer versions >= 1.4.4-lts.1, < 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process. Patches Users should upgrade to 2.0.2 Workarounds None

FastAPI IDOR — route missing authorization check (found by Claude Code)

FastAPI routes with resource ID path parameters had no ownership check. validate_project_access was a no-op stub.

OWASP A01OWASP Web
Get guardrail →

Multer vulnerable to Denial of Service via unhandled exception

Impact A vulnerability in Multer versions >=1.4.4-lts.1, <2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Patches Users should upgrade to 2.0.1 Workarounds None References https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9 https://github.com/expressjs/multer/issues/1233 https://git

Multer vulnerable to Denial of Service from maliciously crafted requests

Impact A vulnerability in Multer versions >=1.4.4-lts.1 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Patches Users should upgrade to 2.0.0 Workarounds None References https://github.com/expressjs/multer/issues/1176 https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665

Multer vulnerable to Denial of Service via memory leaks from unclosed streams

Impact Multer <2.0.0 is vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal busboy stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer han

FastAPI Guard Auth Bypass via X-Forwarded-For

Attacker manipulates X-Forwarded-For header to bypass IP-based access controls. Fixed in fastapi-guard 2.0.0.

OWASP A05OWASP Web
Get guardrail →
2 rules

FastAPI unauthenticated RCE via code eval endpoint (Langflow)

FastAPI app executed arbitrary Python via /api/v1/validate/code without authentication. Actively exploited in wild.

OWASP A03OWASP A07OWASP Web
Get guardrail →
2 rules

Authorization Bypass in Next.js Middleware

Impact It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. Patches For Next.js 15.x, this issue is fixed in 15.2.3 For Next.js 14.x, this issue is fixed in 14.2.25 For Next.js 13.x, this issue is fixed in 13.5.9 For Next.js 12.x, this issue is fixed in 12.3.5 For Next.js 11.x, consult the below workaround. _Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability.

OWASP A01LLM06 · Sensitive Info DisclosureOWASP Web
Get guardrail →

Nuxt allows DOS via cache poisoning with payload rendering response

Summary By sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://mysite.com/?/_payload.json which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served to future visitors to the site. Impact An attacker can p

OWASP A08OWASP Web
Get guardrail →

axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL

Summary A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463 A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. ##

OWASP A10OWASP Web
Get guardrail →
2 rules

Mongoose search injection vulnerability

Mongoose versions prior to 8.9.5, 7.8.4, and 6.13.6 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthorized access or manipulation of database data. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.

OWASP A03OWASP Web
Get guardrail →

Mongoose search injection vulnerability

Mongoose versions prior to 8.8.3, 7.8.3, 6.13.5, and 5.13.23 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthorized access or manipulation of database data.

OWASP A03OWASP Web
Get guardrail →

Next.js authorization bypass vulnerability

Impact If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed. Patches This issue was patched in Next.js 14.2.15 and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. Workarounds There are no official workarounds for this vulnerability. Credits We'd like to thank tyage (GMO

OWASP A01LLM06 · Sensitive Info DisclosureOWASP Web
Get guardrail →

Next.js Cache Poisoning

Impact By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a Cache-Control: s-maxage=1, stale-while-revalidate header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: Next.js between 13.5.1 and 14

OWASP A01OWASP A08OWASP Web
Get guardrail →

Next.js Server-Side Request Forgery in Server Actions

Impact A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. Prerequisites Next.js (<14.1.1) is running in a self-hosted manner. The Next.js application makes use of Server Actions. The Server Action performs a redire

OWASP A10OWASP Web
Get guardrail →

Showing 6180 of 91 threats