CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

AZL-73359 CVE-2025-15284 affecting package nodejs-nodemon 2.0.3-4

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

AZL-73353 CVE-2025-15284 affecting package js-jquery 3.5.0-4

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

DEBIAN-CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

AZL-73316 CVE-2025-15284 affecting package js-jquery 3.5.0-4

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

UBUNTU-CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across all...

CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

CVE-2025-14178

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

CLSA-2025-1767028399 java-11-openjdk: Fix of 5 CVEs

Upgrade to openjdk-11.0.29+7 GA. The following CVEs were fixed: - CVE-2023-48161: fix buffer overflow vulnerability - CVE-2024-21147: RangeCheckElimination array index overflow - CVE-2025-21587: fix TLS connection support to avoid unauthorized access to critical data - CVE-2025-53057: enhance...

CVE-2025-15195

Code-Projects Assessment Management 1.0 is affected. The vulnerability lies in /admin/add-module.php where manipulating the linked[] parameter enables SQL injection. The issue can be exploited remotely and exploits have been publicly disclosed. Multiple sources corroborate the SQLi risk and remot...

EUVD-2025-205581

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OPNEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...

CVE-2025-65570

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OPNEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...

CVE-2025-65570

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OPNEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...

CVE-2025-65570

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OPNEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...

(0Day) FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SFD files...

PT-2025-53818

Name of the Vulnerable Software and Affected Versions FontForge affected versions not specified Description A flaw exists in FontForge related to the parsing of SFD files. Insufficient validation of user-supplied data can lead to a write past the end of an allocated array, potentially allowing a...

SUSE CVE-2025-14178

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in arraymerge when the total element count of packed arrays exceeds 32-bit limits or HTMAXSIZE, due to an integer overflow in the precomputation of...

AZL-73237 CVE-2025-14178 affecting package php for versions less than 8.1.34-1

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in arraymerge when the total element count of packed arrays exceeds 32-bit limits or HTMAXSIZE, due to an integer overflow in the precomputation of...