73995 matches found
CVE-2026-42552
Flight PHP core prior to version 3.18.1 exposes verbose error information via the Engine::_error() handler, including the exception message, code, and full stack trace with absolute filesystem paths, in HTTP 500 responses. This leads to leakage of internal paths, secrets embedded in messages, and...
CVE-2026-44777
A flaw was found in jq, a command line JSON processor. The module loader fails to perform cycle detection when resolving imports. This missing cycle detection allows an attacker who can supply crafted modules with circular dependencies to exhaust the stack memory, causing an application crash,...
EUVD-2020-31222
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and...
CVE-2026-43896
A flaw was found in jq, a command line JSON processor. The jvobjectmergerecursive function, reachable via the operator when both operands are objects, does not have a depth limit when processing nested objects. This missing depth limit allows an attacker who can supply a sufficiently nested input...
CVE-2026-40612
A flaw was found in jq, a command line JSON processor. The jvcontains function does not have a depth limit when processing nested arrays or objects. This missing depth limit allows an attacker who can supply a sufficiently nested input structure to exhaust the stack memory, causing an application...
CVE-2026-44002 vm2: Host File Path Disclosure via Stack Trace Information Leak
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class intended as a safe wrapper for V8's native CallSite blocks getThis and getFunction to prevent host object leakage, but allows getFileName to return unsanitized host absolute paths. Any sandboxed code can...
CVE-2026-44002
CVE-2026-44002 affects the vm2 sandbox for Node.js. Before 3.11.0, the CallSite wrapper blocks getThis() and getFunction() but allows getFileName() to reveal unsanitized host absolute paths. This enables sandboxed code to leak the host directory structure, library paths, and framework versions (v...
CVE-2026-45740
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...
CVE-2026-44289
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf...
CVE-2020-37221
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and...
CVE-2026-45740
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...
CVE-2026-45740 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...
CVE-2026-44289 protobufjs: Denial of service through unbounded protobuf recursion
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf...
CVE-2026-44289
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf...
CVE-2020-37221 Atomic Alarm Clock 6.3 Stack Overflow via SEH Unicode
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and...
CVE-2020-37221 Atomic Alarm Clock 6.3 Stack Overflow via SEH Unicode
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and...
CVE-2020-37221
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and...
CVE-2020-37221
Atomic Alarm Clock 6.3 is affected by a local, stack-overflow vulnerability in the Time Zones Clock configuration display name field. The issue arises from a crafted string causing a SEH overwrite with encoded shellcode, potentially bypassing SafeSEH protections and leading to arbitrary code exec...
vulnerabilities handled in Adobe After Effects
Adobe has identified several vulnerabilities in Adobe After Effects, particularly in versions 26.0, 25.6.4, and earlier versions. These vulnerabilities reside in the way Adobe After Effects processes certain files. There are issues with stack-based buffer overflows, heap-based buffer overflows,...
BIT-MONGODB-2026-4147 Stack memory disclosure in filemd5 command
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...