4166 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-50537
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is...
EUVD-2025-206359
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...
CVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...
CVE-2025-50537
Removed by vendor...
CVE-2025-50537
CVE-2025-50537 : The vulnerability affects eslint before 9.26.0, where serializing objects with circular references in eslint/lib/shared/serialization.js triggers infinite recursion in isSerializable() during RuleTester.run() validation, causing a stack overflow. Multiple sources (NVD, OSV, and C...
CVE-2026-24132
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
AZL-75234 CVE-2026-1299 affecting package python3 3.12.9-8
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
AZL-75219 CVE-2026-1299 affecting package python3 for versions less than 3.9.19-18
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
UBUNTU-CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-1299 email BytesGenerator header injection due to unquoted newlines
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-1299
CVE-2026-1299 affects Python’s email module, specifically BytesGenerator, where newlines in headers weren’t properly quoted during serialization, enabling header injection when using LiteralHeader. The issue is triggered when headers are serialized with LiteralHeader behavior that ignores folding...
CVE-2026-1299 email BytesGenerator header injection due to unquoted newlines
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
PSF-2026-8
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
Denial-Of-Service (DoS)
Seroval is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unbounded recursion during serialization, where objects with extreme nesting depth can exceed the maximum call stack size, causing crashes or service disruption when serializing untrusted input...
SUSE CVE-2026-23956
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 0.2.0 through 1.4.0, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegE...
CPython security vulnerabilities
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability that stems from the email module’s improper handling of line breaks during email serialization, which may lead to header injection attacks...
GHSA-3J22-8QJ3-26MX Seroval affected by Denial of Service via Deeply Nested Objects
Serialization of objects with extreme depth can exceed the maximum call stack limit. Mitigation: Seroval introduces a depthLimit parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached...
Seroval affected by Denial of Service via Deeply Nested Objects
Serialization of objects with extreme depth can exceed the maximum call stack limit. Mitigation: Seroval introduces a depthLimit parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached...