Lucene search

9 matches found

RedhatCVE
added 6 days ago · 7 views

CVE-2026-8723

Summary: qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options (skipNulls, strictNullHandling). Details: In the comma + encodeValuesOnly...

CVSS 6.3 · AI score 5.5 · EPSS 0.00044
Exploits: 0 · References: 1

EUVD
added 2026/05/22 5:27 p.m. · 19 views

EUVD-2026-30674

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set...

CVSS 6.3 · AI score 5.8 · EPSS 0.00044
Exploits: 0 · References: 3

Snyk
added 2026/05/17 1:28 a.m. · 11 views

NULL Pointer Dereference

Overview: qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to NULL Pointer Dereference in the stringify function, when processing arrays with the options arrayFormat: 'comma' and encodeValuesOnly: true that contain nu...

CVSS 6.9 · AI score 5.9 · EPSS 0.00044
Exploits: 0 · References: 2

CNNVD
added 2026/05/17 12:0 a.m. · 6 views

qs code issue vulnerability

QS is a JavaScript library developed by Jordan Harband. Versions of QS from 6.11.1 to 6.15.2 had code vulnerabilities. This vulnerability occurred when calling qs.stringify on an array containing null or undefined, with arrayFormat set to comma and encodeValuesOnly set to true. This resulted in a...

CVSS 6.3 · AI score 5.9 · EPSS 0.00044
Exploits: 0 · References: 1

Packet Storm News
added 2025/07/23 12:0 a.m. · 3 views

Learning to Locate: GNN-Powered Vulnerability Path Discovery in Open Source Code

Detecting security vulnerabilities in open-source software is a critical task that is highly regarded in the related research communities. Several approaches have been proposed in the literature for detecting vulnerable codes and identifying the classes of vulnerabilities. However, there is still...

AI score 7.6
Exploits: 0

Metasploit
added 2025/06/09 6:51 p.m. · 346 views

OS Command Exec, Unix Command Shell, Reverse SCTP (via socat)

Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/reversesocatsctp msf payloadreversesocatsctp show actions ...actions... msf payloadreversesocatsctp set ACTION msf payloadreversesocatsctp show options ...show and set options... msf...

AI score 5.8
Exploits: 0

OpenVAS
added 2025/05/07 12:0 a.m. · 2 views

Configure Audit Rules for User Information Changes

Generally, for deployed services, users and user groups do not change. Passwords, however, are changed periodically but not frequently due to validity periods. It is recommended that key authentication and authorization data be audited and monitored so that changes can be traced. Performing attac...

AI score 6.9
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/12 12:0 a.m. · 2 views

PT-2023-6144 · Juniper Networks · Qfx10000 +8

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 20.4R3-S5 Juniper Networks Junos OS versions prior to 20.4R3-S8 Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4 Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S2 Juniper Networks...

CVSS 6.5 · AI score 6.6 · EPSS 0.00066
Exploits: 0 · References: 10

OSV
added 2023/04/14 11:5 a.m. · 1 views

OESA-2023-1221 libldb security update

An extensible library that implements an LDAP-like API to access remote LDAP servers, or use local tdb databases. Security Fixes: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain...

CVSS 7.7 · AI score 6.6 · EPSS 0.00219
Exploits: 0 · References: 2