41 matches found
CVE-2026-45302 Prototype Pollution in parse-nested-form-data via `__proto__` in FormData field names
parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...
CVE-2026-45302
parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...
DataEase injection vulnerability
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Version 2.10.20 of DataEase contains an injection vulnerability. This...
CVE-2026-5236
A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument npresentations leads to heap-based buffer overflow. The attack needs to be performed...
CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...
CVE-2026-29062 jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constrai...
UBUNTU-CVE-2025-65803
An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file...
Improper Validation of Array Index
Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Improper Validation of Array Index via the MultiModalDataParser input processor. An attacker can cause the engine to crash by submitting multimodal...
EUVD-2017-1378
Malware in sbrugna...
EUVD-2022-49331
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-1000427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. (CVE-2017-1000427) Note that Nessus relies on the presence of the package...
CVE-2022-46527
ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser...
Denial Of Service (DoS)
Tornado is vulnerable to a Denial Of Service (DoS). The vulnerability is due to Tornado’s multipart/form-data parser continuing to process data after encountering errors, which allows an attacker to generate excessive synchronous logging...
PT-2025-21576
Name of the Vulnerable Software and Affected Versions: Tornado versions prior to 6.5.0. Description: The issue allows remote attackers to generate a high volume of logs, constituting a denial-of-service (DoS) attack, by exploiting Tornado's multipart/form-data parser when it encounters certain error...
GHSA-GJCC-JVGW-WVWJ Litestar allows unbounded resource consumption (DoS vulnerability)
Summary: Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Several of those parsers do not have size limits when reading the request body into memory, which allo...
Malicious code in interasdasdnal-data-parser (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2abe44e01cf210338171b5fbd85494df086f85ce231b21c53c5b741dd960d355 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-6525 Malicious code in interasdasdnal-data-parser (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2abe44e01cf210338171b5fbd85494df086f85ce231b21c53c5b741dd960d355 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
GHSA-QV64-W99C-QCR9 Jenkins temporary uploaded file created with insecure permissions
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, uploaded files processed via the Stapler web framework and the Jenkins API MultipartFormDataParser create temporary files in the system temporary directory with the default permissions for newly created files. If these permissions are overly...