17 matches found

Snyk
added 2026/05/24 7:39 a.m. · 11 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the toString function in the AST Serialization. An attacker can cause uncontrolled recursion by providing specially crafted input, potentially resulting in resource exhaustion and application unavailability...

6.9 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2026/05/24 5:30 a.m. · 8 views

CVE-2026-9358

A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...

5.3 CVSS · 5.5 AI score · 0.00036 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2026/05/24 12:00 a.m. · 8 views

PT-2026-42916

A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...

5.3 CVSS · 5.5 AI score · 0.00036 EPSS
Exploits: 0 · References: 4
Snyk
added 2025/11/13 8:43 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: vega-interpreter is a CSP-compliant interpreter for Vega expressions. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code b...

8.1 CVSS · 5.5 AI score · 0.00034 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-6441

Malicious code in bioql PyPI...

6.1 CVSS · 6.3 AI score · 0.00725 EPSS
Exploits: 1 · References: 6
Positive Technologies
added 2025/04/19 12:00 a.m. · 13 views

PT-2025-30076 · Git +1 · Pcapplusplus

Name of the Vulnerable Software and Affected Versions: cppc affected versions not specified Description: The software contains a heap-buffer-overflow read issue. The crash occurs within the toString function of the TelnetLayer class, triggered through toStringList and toString functions of the...

6.9 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2024/08/16 12:00 a.m. · 1 views

PT-2024-40892 · Git +1 · Pcapplusplus

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 16 crash has been reported. The crash occurs in the pcpp::NDPNeighborAdvertisementLayer::toString function, which is called b...

7 AI score
Exploits: 0 · References: 2
NVD
added 2022/07/12 7:15 p.m. · 6 views

CVE-2022-25875

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...

6.1 CVSS · 0.00725 EPSS
Exploits: 1 · References: 3
OSV
added 2022/07/12 7:15 p.m. · 9 views

CVE-2022-25875

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...

6.1 CVSS · 6.1 AI score
Exploits: 0 · References: 3
Cvelist
added 2022/07/12 2:20 p.m. · 11 views

CVE-2022-25875 Cross-site Scripting (XSS)

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...

5.4 CVSS · 6.2 AI score · 0.00725 EPSS
Exploits: 1 · References: 3
CNNVD
added 2022/07/12 12:00 a.m. · 1 views

svelte cross-site scripting vulnerability

svelte is a new way to build web applications open-sourced by Svelte. A security vulnerability exists in svelte versions prior to 3.49.0, which stems from improper input cleanup in the toString function...

6.1 CVSS · 6.2 AI score · 0.00725 EPSS
Exploits: 1 · References: 4
Snyk
added 2022/06/17 1:10 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is...

6.1 CVSS · 5.3 AI score · 0.00725 EPSS
Exploits: 1 · References: 2
OSV
added 2022/05/01 4:15 p.m. · 20 views

CVE-2022-21227

The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...

7.5 CVSS · 7.5 AI score
Exploits: 0 · References: 3
NVD
added 2022/05/01 4:15 p.m. · 14 views

CVE-2022-21227

The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...

7.5 CVSS · 0.0025 EPSS
Exploits: 0 · References: 3
ATTACKERKB
added 2016/10/29 1:59 a.m. · 1 views

CVE-2016-7504

A use-after-free vulnerability was observed in the Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition...

9.8 CVSS · 6.1 AI score · 0.01068 EPSS
Exploits: 1 · References: 3
0day.today
added 2015/12/18 12:00 a.m. · 51 views

Adobe Flash TextField.type Setter - Use-After-Free

Exploit for windows platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=577. There is a use-after-free in the TextField.type setter. If the type the field is set to is an object with toString defined, the toString function can free the field's...

10 CVSS · 0.2 AI score · 0.77915 EPSS
Exploits: 1
exploitpack
added 2015/12/18 12:00 a.m. · 11 views

Adobe Flash TextField.type Setter - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=577. There is a use-after-free in the TextField.type setter. If the type the field is set to is an object with toString defined, the toString function can free the field's...

0.1 AI score
Exploits: 0