CVE-2026-23940
- EPSS 0.05%
- Published 13.03.2026 16:07:53
- Last edited 06.04.2026 17:17:08
Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected app...
CVE-2026-21622
- EPSS 0.06%
- Published 05.03.2026 21:18:03
- Last edited 06.04.2026 17:17:07
Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm ('Elixir.Hexpm.Accounts.PasswordReset' module) allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a passw...
CVE-2026-21621
- EPSS 0.03%
- Published 05.03.2026 19:20:05
- Last edited 06.04.2026 17:17:07
Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.API.OAuthController' module) allows Privilege Escalation. An API key created with read-only permissions (domain: "api", resource: "read") can be escalated to full write acc...
CVE-2026-23939
- EPSS 0.08%
- Published 26.02.2026 19:41:18
- Last edited 06.04.2026 17:17:07
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in hexpm hexpm/hexpm ('Elixir.Hexpm.Store.Local' module) allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/...
CVE-2026-21618
- EPSS 0.05%
- Published 19.01.2026 14:22:46
- Last edited 06.04.2026 17:17:06
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.SharedAuthorizationView' modules) allows Cross-Site Scripting (XSS). This vulnerability is associated wit...