CVE-2026-22774

A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker can exploit this vulnerability by providing specially crafted input to the devalue.parse function. This can cause the application to consume excessive CPU time and memory, leading to a denial of servi...

CVE-2026-22774 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

CVE-2026-22774 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

CVE-2026-22774

CVE-2026-22774 affects the Svelte devalue library. From versions 5.3.0 through 5.6.1, certain inputs trigger devalue.parse to consume excessive CPU time and memory when processing untrusted data, potentially causing denial of service. Root cause: typed array hydration assumes an ArrayBuffer input...

CVE-2026-22774 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

EUVD-2026-2790

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

GHSA-VW5P-8CQ8-M7MV Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse

Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the typed array...

Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse

Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the typed array...

CVE-2026-0529

Improper Validation of Array Index CWE-129 in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers CAPEC-100 through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol...

CVE-2025-68783

An out-of-bounds write flaw was found in the Linux kernel's ALSA USB mixer driver for Tascam US-16x08 audio interfaces. The getmeterlevelsfromurb function extracts channel indices from USB packets without validating the range. A malicious or malfunctioning USB device can send packets with...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001823)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001823 advisory. The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collectio...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002062)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002062 advisory. Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11 allow physically proximate attacke...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002061)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002061 advisory. The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collectio...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002421)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002421 advisory. Array index error in the logidjrawevent function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute...

Svelte security vulnerabilities

Svelte is an open-source approach to building web applications. Versions of Svelte from 5.3.0 to 5.6.1 have security vulnerabilities. These vulnerabilities stem from the type array hydration process not checking input assumptions properly, which can lead to denial-of-service attacks...

PT-2026-3092

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002678)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002678 advisory. The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002193 advisory. Format string vulnerability in the registerdisk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root...

CVE-2025-71064

In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the numtqps in the vf driver to apply for resources Currently, hdev-htqp is allocated using hdev-numtqps, and kinfo-tqp is allocated using kinfo-numtqps. However, kinfo-numtqps is set to minnewtqps, hdev-numtqps;...

CVE-2026-22853

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...