34117 matches found
CVE-2026-32886 Parse Server's Cloud function dispatch crashes server via prototype chain traversal
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype...
CVE-2026-32886
Parse Server (Node.js) is affected by CVE-2026-32886 through a cloud function dispatch crash caused by an attacker-controlled function name traversing the JavaScript prototype chain of a registered cloud function handler, leading to a stack overflow. The root cause is prototype chain traversal du...
CVE-2026-31971
A flaw was found in HTSlib, a library used for bioinformatics file formats. When reading CRAM Compressed Reference-oriented Alignment Map files, the crambytearraylendecode function did not properly validate the size of incoming data against the allocated buffer. This memory corruption vulnerabili...
CVE-2026-31968
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
DEBIAN-CVE-2026-31968
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
UBUNTU-CVE-2026-31968
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
CVE-2026-31971
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYLEN method, the crambytearraylendecode failed to validat...
CVE-2026-31971
HTSlib CRAM decoder vulnerability (CVE-2026-31971): the function cram_byte_array_len_decode() fails to validate that the unpacked data size matches the output buffer when decoding BYTE_ARRAY_LEN. This can cause heap or stack overflows depending on the data stream, potentially crashing the process...
EUVD-2026-12942
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
CVE-2026-31968
HTSlib CRAM decoder (CVE-2026-31968) has incomplete validation in the VARINT and CONST encodings, which can cause writes past heap allocations or a stack byte, potentially enabling heap or stack corruption and, in some streams, arbitrary code execution. Affected versions are 1.23.1, 1.22.2, and 1...
CVE-2026-31968 HTSlib CRAM decoder vulnerable to buffer overflow
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
CVE-2026-31968 HTSlib CRAM decoder vulnerable to buffer overflow
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
CVE-2026-31968 HTSlib CRAM decoder vulnerable to buffer overflow
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
protobuf: StackOverflow vulnerability in Protocol Buffers
A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
protobuf: StackOverflow vulnerability in Protocol Buffers
A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
protobuf: StackOverflow vulnerability in Protocol Buffers
A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
protobuf: StackOverflow vulnerability in Protocol Buffers
A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...