264 matches found
MetaGPT code issues and vulnerabilities
MetaGPT is a multi-agent framework developed by MetaGPT Inc. There are code issues and vulnerabilities in MetaGPT; these vulnerabilities stem from the deserializemessage function’s lack of verification of the data provided by users, which may lead to the deserialization of untrusted data and remo...
Memory Allocation with Excessive Size Value
Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the deserializebinaryform function via Remote Form endpoint. An attacker can cause excessive memory allocation by sending a specially crafted...
GHSA-GW2X-Q739-QHCR RustFS gRPC GetMetrics deserialization panic enables remote DoS
Summary A malformed gRPC GetMetrics request causes getmetrics to unwrap failed deserialization of metrictype/opts, panicking the handler thread and enabling remote denial of service of the metrics endpoint. Details - Vulnerable code: rustfs/src/storage/tonicservice.rs:1775-1782: - MetricType and...
CVE-2025-15246 aizuda snail-job API FurySerializer.deserialize deserialization
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...
CVE-2025-15246
Aizuda snail-job (macOS) up to version 1.7.0 is affected in the API component by FurySerializer.deserialize, where manipulating the argsStr enables deserialization leading to remote exploitation. The exploit has been publicly disclosed. Remediation: upgrade to a version newer than 1.7.0 (i.e., no...
PT-2025-53923
Name of the Vulnerable Software and Affected Versions aizuda snail-job versions up to 1.7.0 Description A flaw exists in the FurySerializer.deserialize function within the API component of aizuda snail-job. This issue involves the deserialization of the argsStr argument, potentially allowing for...
CVE-2025-13716
Tencent MimicMotion createpipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this vulnerability in that the...
FreeBSD : pkcs11-helper -- deserialize buffer overflow (1a46e84d-c406-11f0-b513-0da7be77c170)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1a46e84d-c406-11f0-b513-0da7be77c170 advisory. Alon Bar-Lev reports: util: fix deserialize buffer overflow. thanks to Aarnav Bos. Tenable has extracte...
EUVD-2025-178905
Malicious code in final-bundle-zero-string-deserialize npm...
EUVD-2025-176423
Malicious code in serialize-final-beta-deserialize-await npm...
EUVD-2025-176503
Malicious code in scale-phi-deserialize-nu-sed npm...
EUVD-2025-179317
Malicious code in deserialize-rain-stub-alpha-socket npm...
EUVD-2025-180456
Malicious code in alpha-deserialize-book-upsilon-pi npm...
EUVD-2025-179749
Malicious code in chi-bad-deserialize-throw-static npm...
Malicious code in scale-phi-deserialize-nu-sed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3da7cfb294f277c58d7e8fe6484b55c4210fc860ea9b97bd8165568c264fb168 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179211
Malicious code in easy-kernel-deserialize-public-await npm...
Malicious code in socket-table-grid-sigma-deserialize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83c9f9e87cf6fb6b68b3cd8868d6ceb7436fee28ca2f0fa8ae049c3c30db6e5e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179319
Malicious code in deserialize-double-simulate-interpret-tau npm...
EUVD-2025-176302
Malicious code in socket-table-grid-sigma-deserialize npm...
EUVD-2025-179318
Malicious code in deserialize-load-byte-delta-optimize npm...