332 matches found
EUVD-2017-14570
Malware in sbrugna...
EUVD-2016-10689
Malware in sbrugna...
EUVD-2018-11048
Malware in sbrugna...
EUVD-2016-9899
Malware in sbrugna...
EUVD-2016-6202
Malware in sbrugna...
EUVD-2017-6514
Malware in sbrugna...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: qt5-qtbase (UTSA-2025-986101)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986101 advisory. An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the...
EUVD-2025-28611
Malicious code in bioql PyPI...
EUVD-2024-19626
Malicious code in bioql PyPI...
CVE-2025-58754
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...
CVE-2025-58754
CVE-2025-58754 affects Axios (Node.js) where, in versions prior to 0.30.2 and 1.12.0, processing a data: URL causes the Node http adapter to decode the entire payload into memory, bypassing maxContentLength/maxBodyLength, and return a synthetic 200 response. This can lead to unbounded memory allo...
Allocation of Resources Without Limits or Throttling
Overview: org.webjars.bowergithub.axios:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the data: URL handler. An attacker can trigger a denial of service by crafting a...
CVE-2025-58361
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...
CLSA-2025-1756932817 nodejs: Fix of CVE-2024-22020
CVE-2024-22020: forbid data URLs in network imports to mitigate security flaw allowing bypass of network import restrictions...
SUSE-SU-2025:02968-1 Security update for libqt4
This update for libqt4 fixes the following issues: - CVE-2021-45930: Fixed out-of-bounds write leading to DoS bsc1196654 - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont munitsPerEm bsc1211298 - CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file...
Possible denial of service when passing malformed data in a URL to qDecodeDataUrl
...
qt6-qtbase: qt5-qtbase: QtCore Assertion Failure Denial of Service
A flaw was found in QtCore's qDecodeDataUrl function. This vulnerability allows an application level denial of service via a malformed data URL with a missing charset value when assertions are enabled...
OESA-2025-1835 thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and...
OESA-2025-1757 qt6-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that...
CVE-2025-5567
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...